6 matches found
CVE-2025-58584 Plain Text Transmission of Username and Password in the URL
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally...
PT-2025-40864
Name of the Vulnerable Software and Affected Versions affected versions not specified Description The username and password are sent directly in the URL as parameters within HTTP requests. This practice poses a significant risk of sensitive data disclosure, as URLs may be stored in server logs,...
Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2025-1848)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...
The vulnerability of the software for interacting with servers via CURL, related to the disclosure of information, allows attackers to gain access to confidential data.
The vulnerability of the software for interacting with servers via CURL is related to the absence of a mechanism for deleting user credentials from the URL. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data...
CVE-2017-7762
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox 54...