Lucene search
K

5 matches found

CVE
CVE
added 2026/05/13 8:27 a.m.43 views

CVE-2026-5545

CVE-2026-5545 affects libcurl: a logical error in connection reuse can cause a request to a server usingNegotiate authentication with user1:password1 to be mistakenly sent over a connection still authenticated for user1 when a second operation tries to authenticate as user2:password2 on the same ...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/21 8:9 p.m.8 views

CVE-2026-40910

frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...

9.1CVSS5.5AI score0.00269EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/03/11 10:9 a.m.7 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS7.2AI score0.00302EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2022/06/30 9:0 p.m.5 views

curl: OAUTH2 bearer bypass in connection re-use

A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or by a malicious...

8.1CVSS7.1AI score0.01914EPSS
Exploits1References5
curl security advisories
curl security advisories
added 2016/01/27 8:0 a.m.9 views

NTLM credentials not-checked for proxy connection reuse

libcurl reuses NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. libcurl maintains a pool of connections after a transfer has completed. The pool of connections is then gone through when a ne...

7.3CVSS7.4AI score0.09327EPSS
Exploits0Affected Software2
Rows per page
Query Builder