408 matches found

Cvelist
added 4 days ago, 24 views

CVE-2026-44487 Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS Redirect in Axios Node.js HTTP Adapter

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

CVSS 8.2, EPSS 0.00042
Exploits 1, References 1
NVD
added 6 days ago, 9 views

CVE-2026-41715

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

CVSS 6.1, EPSS 0.00027
Exploits 0, References 1
CVE
added 6 days ago, 14 views

CVE-2026-41715

CVE-2026-41715 affects the Reactor Netty HTTP Client. When redirects are enabled, HTTP redirects from secure to insecure endpoints may leak credentials and expose sensitive data. Affected versions are Reactor Netty 1.0.0–1.0.51; 1.1.0–1.1.35; 1.2.0–1.2.17; 1.3.0–1.3.5. The provided documents do n...

CVSS 6.1, AI score 5.5, EPSS 0.00027
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:24 p.m., 6 views

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

CVSS 6.5, AI score 5.7, EPSS 0.00136
Exploits 0, References 1
NVD
added 2026/05/25 3:16 p.m., 8 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

CVSS 8.8, EPSS 0.00044
Exploits 0, References 3
OSV
added 2026/05/24 2:6 p.m., 7 views

MAL-2026-4660 Malicious code in react-malicious-clone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f03498aa5167e02289d4c8984282f6a1b6321af60fb9ff04d0ce9503faefffdd Package name impersonates React and the package.json copies React's description, homepage react.dev, bugs URL, and canary versioning scheme. On...

AI score 6
Exploits 0, References 1
GithubExploit
added 2026/05/23 1:25 p.m., 66 views

Exploit for Path Traversal in Fortinet Fortiproxy

CVE-2018-13379 — Mass Exploit for Fortine...

CVSS 9.8, AI score 7.5, EPSS 0.94473
Exploits 21
CNNVD
added 2026/05/23 12:0 a.m., 6 views

Joomla Component Ek Rishta SQL Injection Vulnerability

The Joomla Component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains an SQL injection vulnerability. This vulnerability arises from the injection of malicious code through the username parameter,...

CVSS 8.8, AI score 6.2, EPSS 0.0009
Exploits 0, References 4
Packet Storm
added 2026/05/20 12:0 a.m., 51 views

ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise

ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...

CVSS 6.5, AI score 6.6, EPSS 0.00171
Exploits 2
OPENSUSE Linux
added 2026/05/19 12:0 a.m., 8 views

Security update for git-bug (important)

openSUSE Security Update: Security update for git-bug Announcement ID: openSUSE-SU-2026:0171-1 Rating: important References: 1253506 1253930 1254084 1264955 1265416 Cross-References: CVE-2025-47913 CVE-2025-47914 CVE-2025-58181 CVE-2026-1229 CVE-2026-41506 CVSS scores: CVE-2025-47913 SUSE: 8.7...

CVSS 8.7, AI score 7, EPSS 0.00082
Exploits 1, References 5
Microsoft CVE
added 2026/05/14 8:2 a.m., 4 views

netrc credential leak with reused proxy connection

...

CVSS 5.3, AI score 5.3, EPSS 0.00024
Exploits 1
Positive Technologies
added 2026/05/14 12:0 a.m., 7 views

PT-2026-41208

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description An issue exists where the encryptedData field is not stripped from the response when credentials are fetched using a credentialName filter parameter. While the system correctly omits this field when ...

CVSS 7, AI score 5.5, EPSS 0.00047
Exploits 1, References 6
CVE
added 2026/05/13 8:28 a.m., 25 views

CVE-2026-6429

CVE-2026-6429 affects curl/libcurl. When both a .netrc credentials usage and HTTP redirects are requested, the first-host password could be leaked to the redirected host. The issue is characterized in CVE lists as a netrc credential leak with reused proxy connection. Connected advisories (e.g., S...

CVSS 5.3, AI score 5.8, EPSS 0.00024
Exploits 1, References 3, Affected Software 1
Cvelist
added 2026/05/13 8:28 a.m., 40 views

CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

EPSS 0.00024
Exploits 1, References 3
SUSE CVE
added 2026/05/13 3:34 a.m., 4 views

SUSE CVE-2026-43394

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount. nfsd_nl_listener_set_doit() is alwa...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits 0, References 3
UbuntuCve
added 2026/05/08 3:16 p.m., 4 views

CVE-2026-43394

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount. nfsd_nl_listener_set_doit() is alwa...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits 0, References 6
Debian CVE
added 2026/05/08 2:21 p.m., 7 views

CVE-2026-43394

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). As we can see from other callers, svc_xprt_create_from_sa() does not require the extra refcount. nfsd_nl_listener_set_doit() is alwa...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits 0
UbuntuCve
added 2026/05/08 2:16 p.m., 3 views

CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

CVSS 7.4, AI score 5.7, EPSS 0.00082
Exploits 0, References 4
Vulnrichment
added 2026/05/08 1:43 p.m., 6 views

CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

CVSS 4.7, AI score 5.7, EPSS 0.00082
Exploits 0, References 3
CVE
added 2026/05/08 1:43 p.m., 17 views

CVE-2026-41506

go-git is vulnerable to credential leakage during smart-HTTP redirects in clone/fetch operations prior to versions 5.18.0 and 6.0.0-alpha.2. The issue, a cross-host redirect exposure, has been patched in 5.18.0 and 6.0.0-alpha.2. Impact is a potential exposure of HTTP credentials during redirects...

CVSS 7.4, AI score 5.7, EPSS 0.00082
Exploits 0, References 3, Affected Software 1