57835 matches found
Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse
CurlAsyncHTTPClient leaks per-request credentials on handle reuse Summary CurlAsyncHTTPClient pools and reuses pycurl handles across requests but does not reset them between requests, and several per-request options are applied with no clearing branch. As a result, sensitive state set by one...
Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges
Summary DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. Impact If the client follows a redirect the default option to an attacker controlled domain, the attacker may be able to extract the auth digest. This likely requires an open redirect...
GHSA-QXH6-94W6-9R5P @angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...
Malicious code in bodega-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75aea05ceba339fbc9f0764e178d0cac8170219115218d635b14639ec01410a4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers os.hostname,...
GHSA-95QP-CMMW-MGQV @angular/service-worker: Request Credential & Cache Policy Stripping
An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...
@angular/service-worker: Request Credential & Cache Policy Stripping
An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...
MAL-2026-5789 Malicious code in claude-cup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c369ccf7b5e0ef8721b5ecdc94bd843ce260923394f6c513350a58928abdbdd3 On first invocation of npx claude-cup and on every subsequent Claude Code tool call once hooks are installed, research/config-audit.js enumerates eve...
CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
MAL-2026-5781 Malicious code in portal-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5aca21d0e952f5ba313432cf5d47e41f185d19e65d894a005cce20be90d4985 On npm install, the package's preinstall hook executes postinstall.js, which enumerates process.env and filters keys matching a broad credential-shap...
MAL-2026-5784 Malicious code in vaults-monitor-cron (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b81c6b9e59e86c40858cb47e91d597b3776fea71def7feb3ca11833625fa3923 On npm install, the package's preinstall hook node postinstall.js || true executes automatically. The script collects hostname, username, and current...
WordPress Video Conferencing with Zoom plugin <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability
Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability discovered by aetta in WordPress Plugin Video Conferencing with Zoom versions = 4.6.7...
Chromium: CVE-2026-12008 Use after free DigitalCredentials
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed
Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...
CVE-2026-6517
Mattermost Desktop App (versions ≤ 6.1 5.5.13.0) fails to restrict the allow list of domains to which NTLM credentials are forwarded. The underlying issue enables any server user, without the image proxy enabled, to intercept other users’ credentials via embedding an image that routes to an exter...
CVE-2026-34023 Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch access to restricted functions
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket...
Information Exposure
Axios is vulnerable to Information Exposure. The vulnerability is due to improper handling of the Proxy-Authorization header in the Node.js HTTP adapter, where proxy credentials can be forwarded to a redirected destination during certain proxy-to-direct redirect flows, allowing an...
PT-2026-49563
An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...
PT-2026-49560
An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...
PT-2026-49554
Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as attacker.comshare reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...