1215 matches found
RabbitMQ Node can log Basic Auth header from an HTTP request
...
Authorization Bypass in MLflow Basic Auth (unprotected Flask/GraphQL routes)
This report is not public...
Linux Distros Unpatched Vulnerability : CVE-2025-8264
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inje...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
CVE-2025-7679 Session ID Basic Auth Bypass
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...
CVE-2025-7679 Session ID Basic Auth Bypass
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
BIT-LIBPHP-2025-1736 Stream HTTP wrapper header check might omit basic auth header
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...
Catalyst::Authentication::Credential::HTTP 安全漏洞
Catalyst::Authentication::Credential::HTTP is a Catalyst open source HTTP basic and digest authentication library. A security vulnerability exists in Catalyst::Authentication::Credential::HTTP version 1.018 and earlier that stems from the use of a non-strongly encrypted source to generate a nonce...
CVE-2012-10024
XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...
Linux Distros Unpatched Vulnerability : CVE-2025-8031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
CVE-2025-54573 CVAT vulnerable to email verification bypass by use of basic authentication
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...