CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1215 matches found

RedHat Linux•added 2025/07/29 8:15 a.m.•4 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...

9.8CVSS7.3AI score0.00443EPSS

Exploits0References6

RedHat Linux•added 2025/07/29 8:12 a.m.•3 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

9.8CVSS7.3AI score0.00443EPSS

Exploits0References6

Tenable Nessus•added 2025/07/28 12:0 a.m.•3 views

FreeBSD : Mozilla -- HTTP Basic Authentication credentials leak (477e9eb3-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 477e9eb3-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: The username:password part was not correctly stripped from URLs in CSP...

9.8CVSS8.2AI score0.00443EPSS

Exploits0References3

Gitee•added 2025/07/27 3:31 a.m.•176 views

drupwn

This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...

7.1AI score

Exploits0

RedHat Linux•added 2025/07/24 3:21 p.m.•6 views

firefox: thunderbird: Incorrect URL stripping in CSP reports

9.8CVSS7.3AI score0.00443EPSS

Exploits0References6

SUSE CVE•added 2025/07/23 11:25 p.m.•1 views

SUSE CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

7.5CVSS7.2AI score0.00443EPSS

Exploits0References11

AlpineLinux•added 2025/07/22 9:15 p.m.•2 views

CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8CVSS6.6AI score0.00443EPSS

Exploits0References8

OSV•added 2025/07/22 9:15 p.m.•3 views

CVE-2025-8031

9.8CVSS5.4AI score

Exploits0References8

ATTACKERKB•added 2025/07/22 8:49 p.m.•1 views

CVE-2025-8031

9.8CVSS5.8AI score0.00443EPSS

Exploits0References8

Vulnrichment•added 2025/07/22 8:49 p.m.•2 views

CVE-2025-8031 Incorrect URL stripping in CSP reports

7.2AI score0.00443EPSS

Exploits0References7

CVE•added 2025/07/22 8:49 p.m.•71 views

CVE-2025-8031

CVE-2025-8031 concerns a vulnerability where the username:password portion is not correctly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials. The CVE’s context across connected documents shows affected software including Firefox and Thunderbird variants...

9.8CVSS7.2AI score0.00443EPSS

Exploits0References8Affected Software2

Cvelist•added 2025/07/22 8:49 p.m.•6 views

CVE-2025-8031 Incorrect URL stripping in CSP reports

0.00443EPSS

Exploits0References7

Debian CVE•added 2025/07/22 8:49 p.m.•4 views

CVE-2025-8031

9.8CVSS8.4AI score0.00443EPSS

Exploits0

FreeBSD•added 2025/07/22 12:0 a.m.•7 views

Mozilla -- HTTP Basic Authentication credentials leak

[email protected] reports: The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials...

9.8CVSS6.8AI score0.00443EPSS

Exploits0References1

RedhatCVE•added 2025/07/12 7:24 p.m.•5 views

CVE-2025-34099

An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidialsalesviewer.php component when password encryption is enabled a non-default configuration. The application improperly passes the HTTP Basic Authentication password directly ...

9.3CVSS8.1AI score0.435EPSS

Exploits0References1

CVE•added 2025/07/10 7:10 p.m.•30 views

CVE-2025-34099

Affected software: VICIdial v2.9 RC1–2.13 RC1; component: vicidial_sales_viewer.php. Root cause: when password encryption is enabled (non-default), the HTTP Basic Authentication password is directly passed to exec(), enabling unauthenticated command injection. Impact: arbitrary OS command executi...

9.3CVSS8AI score0.435EPSS

Exploits0References4

Vulnrichment•added 2025/07/10 7:10 p.m.•2 views

CVE-2025-34099 VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password

9.3CVSS8AI score0.435EPSS

Exploits0References3

RedhatCVE•added 2025/07/04 10:5 a.m.•6 views

CVE-2025-27025

The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root...

8.8CVSS6.4AI score0.00732EPSS

Exploits0References1