Lucene search
+L

687 matches found

OSV
OSV
added 2026/05/15 8:32 a.m.10 views

CLSA-2026-1778811697 wget: Fix of CVE-2021-31879

CVE-2021-31879: do not propagate Authorization/Cookie headers across HTTP 3xx redirects openSUSE patch...

6.1CVSS6.9AI score0.01104EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.22 views

Debian dla-4583 : idle-python3.9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4583 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4583-1 [email protected]...

7.5CVSS6.6AI score0.00621EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/14 3:58 p.m.7 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS5.8AI score0.00505EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 3:58 p.m.3 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS6AI score0.00505EPSS
Exploits0References3
OSV
OSV
added 2026/05/11 9:31 p.m.9 views

GHSA-G2WM-735Q-3F56 cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

3.2CVSS5.9AI score0.00145EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 7:4 p.m.17 views

CVE-2026-42874

CVE-2026-42874 affects Microdot prior to version 2.6.1, where Response.set_cookie() does not sanitize string arguments and fails to detect the CRLF sequence, enabling HTTP header injection via cookie storage. Exploitation requires the attacker to first compromise a client (e.g., through a separat...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 7:4 p.m.14 views

CVE-2026-42874 Microdot: HTTP response splitting in Response.set_cookie()

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 6:6 p.m.26 views

CVE-2026-43969

CVE-2026-43969 affects the Erlang/Elixir cowlib project (cow_cookie:cookie/1). The encoder builds a client-side Cookie header from name-value pairs without validating characters, allowing an attacker-controlled cookie name or value to inject CR, LF, semicolon, comma, or TAB. This enables cookie s...

3.2CVSS6AI score0.00145EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/11 2:51 p.m.11 views

Insertion of Sensitive Information Into Sent Data

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in urlopen when using ProxyManager.connectionfromurl with assertsamehost=False, directly rather than v...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.9 views

Unity Linux 20.1070e Security Update: future (UTSA-2026-017344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017344 advisory. An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious we...

7.5CVSS5.9AI score0.01804EPSS
Exploits1References4
OSV
OSV
added 2026/05/07 4:59 a.m.13 views

CLSA-2026-1778129970 python3.11: Fix of 7 CVEs

CVE-2026-0672: reject control characters in http.cookies cookie names, values, and parameters to prevent header injection - CVE-2026-3644: reject control characters in Morsel.update, |= operator, and unpickling paths missed by CVE-2026-0672; add output validation to BaseCookie.jsoutput -...

7.5CVSS6.4AI score0.00575EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/07 1:49 a.m.8 views

NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

NPM: Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect vulnerability discovered by ? in WordPress Npm kiota-typescript versions 1.0.0-preview.100...

7CVSS5.8AI score0.00505EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 1:49 a.m.5 views

GHSA-7J59-V9QR-6FQ9 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Summary The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. This vulnerability is present in the RedirectHandlers...

7CVSS5.9AI score0.00505EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.9 views

PT-2026-39665

Name of the Vulnerable Software and Affected Versions urllib3 versions 1.23 through 2.6.x Description Sensitive headers, specifically Authorization, Cookie, and Proxy-Authorization, are forwarded during cross-origin redirects when using the low-level API via ProxyManager.connection from...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References381
Github Security Blog
Github Security Blog
added 2026/05/04 7:26 p.m.8 views

Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service

Summary There is a medium severity information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie,...

6.9CVSS5.9AI score0.00445EPSS
Exploits1References6Affected Software2
Snyk
Snyk
added 2026/05/04 7:26 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:26 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:26 p.m.11 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 7:26 p.m.6 views

GHSA-P6HG-QH38-555R Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service

Summary There is a medium severity information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete header set, including Authorization, Cookie,...

6.9CVSS5.9AI score0.00445EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:50 p.m.9 views

Security Bulletin:Flask Vary Cookie Header Vulnerability: Use of Cache Containing Sensitive Information Fixed in 3.1.3

Summary Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not t...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
Rows per page
Query Builder