Lucene search
K

5 matches found

NVD
NVD
added 2026/06/19 7:16 p.m.8 views

CVE-2026-49336

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:19 p.m.18 views

CVE-2026-49336 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, bu...

6.9CVSS0.0065EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51008

Name of the Vulnerable Software and Affected Versions @microsoft/kiota-http-fetchlibrary versions 1.0.0-preview.97 through 1.0.0-preview.101 Description The RedirectHandler in the library fails to properly remove sensitive headers during cross-origin redirects. While it is intended to strip...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References9
NVD
NVD
added 2026/02/03 10:16 p.m.6 views

CVE-2026-25149

Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...

6.9CVSS0.00237EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 9:11 p.m.3 views

CVE-2026-25149 Qwik City Open Redirect via fixTrailingSlash

Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect users to arbitrary protocol-relative URLs. Successful exploitation permits attackers to craft convinci...

6.9CVSS5.6AI score0.00237EPSS
Exploits0References4
Rows per page
Query Builder