Lucene search
K

586 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2026-59180 Apprise forwards configured auth headers across cross-origin HTTP redirects

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS7.1AI score0.00527EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-7017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect...

7.1CVSS6.1AI score0.0026EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS0.0026EPSS
Exploits0References6
Debian CVE
Debian CVE
added 4 days ago6 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55464

Name of the Vulnerable Software and Affected Versions kerberos-io/agent versions prior to 3.6.26 Description An issue exists in the Kerberos Hub upload path where the agent sends credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the...

6.9CVSS6AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS6.1AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.9CVSS6.6AI score0.0068EPSS
Exploits5References13
Cvelist
Cvelist
added 2026/06/30 10:11 p.m.26 views

CVE-2026-54673 electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

8.2CVSS0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54019

Name of the Vulnerable Software and Affected Versions electron-updater versions prior to 9.7.0 Description The HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only removes credential headers that exactly match the lowercase string "authorization". Consequently, other credential-beari...

8.2CVSS5.9AI score0.00235EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/29 12:53 p.m.6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2026/06/29 12:0 a.m.8 views

Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS6.1AI score0.0068EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 12:0 a.m.5 views

ALSA-2026:32992 Important: python3.12-urllib3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 9:55 a.m.3 views

SUSE-SU-2026:22445-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

5.9AI score0.00052EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 8:9 a.m.2 views

SUSE-SU-2026:22373-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

5.8AI score0.00052EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 8:9 a.m.2 views

SUSE-SU-2026:22286-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

5.8AI score0.00052EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 8:0 a.m.2 views

OPENSUSE-SU-2026:21067-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

5.8AI score0.00052EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

AlmaLinux 9 : python3.14-urllib3 (ALSA-2026:28157)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:28157 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origin...

8.9CVSS6.2AI score0.0068EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

AlmaLinux 9 : python-urllib3 (ALSA-2026:28158)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:28158 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origin...

8.9CVSS5.9AI score0.0068EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

AlmaLinux 9 : python3.12-urllib3 (ALSA-2026:28159)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:28159 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origin...

8.9CVSS6.2AI score0.0068EPSS
Exploits0References4
Rows per page
Query Builder