Lucene search
K

32 matches found

OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6AI score0.01064EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53957

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description The voice mode contains improper shared-state handling, which allows API clients to be reused across tenant boundaries. An authenticated attacker can manipulate the cache state, causin...

9.6CVSS6AI score0.00201EPSS
Exploits0References5
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.10 views

stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References1Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS5.4AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29924

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References5
OSV
OSV
added 2026/05/13 8:28 a.m.2 views

CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS7.1AI score0.00519EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.10 views

Fedora 44 : curl (2026-f13d888b0f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References5
Vulnrichment
Vulnrichment
added 2026/04/22 12:0 a.m.6 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

5.7AI score0.00213EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.8 views

Fedora 43 : curl (2026-66db242036)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-66db242036 advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References5
OSV
OSV
added 2026/03/20 9:37 a.m.2 views

SUSE-SU-2026:20918-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.4 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0911-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0911-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References13
OSV
OSV
added 2026/03/18 8:52 a.m.4 views

SUSE-SU-2026:0921-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364...

6.5CVSS5.8AI score0.00333EPSS
Exploits2References7
OSV
OSV
added 2026/03/17 7:56 p.m.3 views

SUSE-SU-2026:0911-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2026:0885-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0885-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and net...

7.5CVSS7.2AI score0.00715EPSS
Exploits4References13
SUSE Linux
SUSE Linux
added 2026/03/12 2:50 p.m.5 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References16
OSV
OSV
added 2026/03/12 2:50 p.m.1 views

SUSE-SU-2026:0885-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References9
SUSE Linux
SUSE Linux
added 2026/03/12 10:4 a.m.4 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References16
OSV
OSV
added 2026/03/12 10:4 a.m.3 views

SUSE-SU-2026:20668-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References9
Microsoft CVE
Microsoft CVE
added 2026/03/12 8:1 a.m.8 views

wrong proxy connection reuse with credentials

...

6.5CVSS5.8AI score0.00302EPSS
Exploits1
Hacker One
Hacker One
added 2026/03/04 1:29 p.m.13 views

curl: CVE-2026-3784: wrong proxy connection reuse with credentials

Summary libcurl may reuse an existing HTTP proxy CONNECT tunnel without matching proxy credentials when selecting a reusable connection. In lib/url.c, urlmatchproxyuse calls proxyinfomatches lib/url.c:930-935 → lib/url.c:589-595, and that matcher compares proxy type, host, and port but does not...

6.5CVSS5.8AI score0.00302EPSS
Exploits1
Rows per page
Query Builder