
324 matches found

RedhatCVE
added 2026/01/18 11:20 a.m. | 3 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 6.9 | EPSS 0.00611
Exploits: 1 | References: 1
Hacker One
added 2026/01/17 7:52 a.m. | 40 views

curl: libcurl: Improper Authentication State Management on Cross-Protocol Redirects

Following the recent advisory for CVE-2025-14524, I conducted an investigation into how libcurl manages OAuth2 credentials during complex redirect chains. I have confirmed that while the library successfully protects traditional user credentials, it fails to clear OAuth2 Bearer tokens in the same...

CVSS 5.7 | AI score 7.4 | EPSS 0.01595
Exploits: 2
Tenable Nessus
added 2026/01/16 12:00 a.m. | 3 views

openSUSE 16 Security Update : curl (openSUSE-SU-2026:20031-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20031-1 advisory. This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer...

CVSS 6.3 | AI score 6.7 | EPSS 0.00679
Exploits: 3 | References: 15
OSV
added 2026/01/14 10:58 a.m. | 4 views

SUSE-SU-2026:20110-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

CVSS 6.3 | AI score 6.1 | EPSS 0.00679
Exploits: 3 | References: 11
OSV
added 2026/01/14 10:58 a.m. | 3 views

SUSE-SU-2026:20082-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS bsc1256105. - CVE-2025-14524: bearer token leak on cross-protocol redirect bsc1255731. - CVE-2025-14819: libssh global knownhost override...

CVSS 6.3 | AI score 5.8 | EPSS 0.00679
Exploits: 3 | References: 11
Microsoft CVE
added 2026/01/09 9:09 a.m. | 3 views

bearer token leak on cross-protocol redirect

...

CVSS 5.3 | AI score 5.4 | EPSS 0.00611
Exploits: 1
SUSE Linux
added 2026/01/08 12:21 p.m. | 2 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect bsc1255731 CVE-2025-15079: Fixed unknown host connection acceptance when set in the global knownhostsfile bsc1255733 CVE-2025-14819: Fixed issue where alteration of...

CVSS 6 | AI score 6.8 | EPSS 0.00679
Exploits: 2 | References: 12
OSV
added 2026/01/08 12:21 p.m. | 5 views

SUSE-SU-2026:0066-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-14524: Fixed bearer token leak on cross-protocol redirect bsc1255731 - CVE-2025-15079: Fixed unknown host connection acceptance when set in the global knownhostsfile bsc1255733 - CVE-2025-14819: Fixed issue where alteration of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00679
Exploits: 2 | References: 7
Snyk
added 2026/01/08 10:45 a.m. | 3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials during the cross-protocol redirect when OAuth2 bearer is used and username component is set in redirect-to URL. An attacker can obtain sensitive authentication credentials by triggering a...

CVSS 6.5 | AI score 6.6 | EPSS 0.00611
Exploits: 1 | References: 2
NVD
added 2026/01/08 10:15 a.m. | 4 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | EPSS 0.00611
Exploits: 1 | References: 4
OSV
added 2026/01/08 10:15 a.m. | 9 views

AZL-74207 CVE-2025-14524 affecting package cmake 3.30.3-11

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 6.1 | EPSS 0.00611
Exploits: 1 | References: 1
OSV
added 2026/01/08 10:15 a.m. | 7 views

ALPINE-CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 6.4 | EPSS 0.00611
Exploits: 1 | References: 1
OSV
added 2026/01/08 10:15 a.m. | 4 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 5.5 | EPSS 0.00611
Exploits: 1 | References: 4
Debian CVE
added 2026/01/08 10:07 a.m. | 4 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 5.9 | EPSS 0.00611
Exploits: 1
CVE
added 2026/01/08 10:07 a.m. | 42 views

CVE-2025-14524

CVE-2025-14524 affects curl: when an HTTP(S) transfer is redirected cross‑protocol to IMAP/LDAP/POP3/SMTP, the OAuth2 bearer token may be leaked to the new target. Root cause: credentials aren’t cleared for the OAuth2 bearer during redirect handling, while username/password are cleared. Several a...

CVSS 5.3 | AI score 6.3 | EPSS 0.00611
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/01/08 10:07 a.m. | 27 views

CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

EPSS 0.00611
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/08 10:07 a.m. | 2 views

CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

AI score 6.5 | EPSS 0.00611
Exploits: 1 | References: 3
AlpineLinux
added 2026/01/08 10:07 a.m. | 3 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 6.6 | EPSS 0.00611
Exploits: 1 | References: 4
CNNVD
added 2026/01/08 12:00 a.m. | 5 views

curl security vulnerability

curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl that stems from an OAuth2 bearer token being incorrectly passed during cross-protocol redirection...

CVSS 5.3 | AI score 6.4 | EPSS 0.00611
Exploits: 1 | References: 5
Slackware Linux
added 2026/01/07 11:08 p.m. | 12 views

[slackware-security] curl

New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.17.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: OpenSSL partial chain store policy bypass. bearer token le...

CVSS 5.9 | AI score 6.8 | EPSS 0.00679
Exploits: 1