Lucene search
K

1223 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/18 3:30 a.m.2 views

CVE-2026-33187

Further research determined the issue originates from a different product...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.16 views

Curl 7.10.6 < 8.19.0 Authentication Bypass

The version of curl installed on the remote host is 7.10.6 prior to 8.19.0. It is, therefore, affected by an authentication bypass vulnerability: - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a po...

6.5CVSS7.1AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 3:30 p.m.2 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process. An attacker can change another user's account password without confirmation by falsely...

3.5CVSS5.8AI score0.00148EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 12:39 a.m.8 views

MAL-2026-1443 Malicious code in es-lint-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cb77bc53967094108e0dec0e00ddd13bef1d74b3482d959c28c4fc13753cd49 The package es-lint-builder was found to contain malicious code. Source: ghsa-malware e4f62649e3a09df9cabfd19d23538447b0d8762de9506c23c5b27c4a6882967...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/12 5:13 a.m.4 views

MAL-2026-1369 Malicious code in kinggupong (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e715c2381b97a44dc664b3fbb1faf1977b339bc9cc51ad7722b09e24caa2f63 The package kinggupong was found to contain malicious code. Source: ghsa-malware 47fb80c46fcfaba8da9b01d5f99700a8a98a138ce3936b2ed9393db423d5b718 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/12 2:12 a.m.5 views

Malicious code in react-svg-anchor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e014ccf1aaf52a0f5ad92a977b2fb987b63be3ae7bdf8fa9b5f8813f68040344 The package react-svg-anchor was found to contain malicious code. Source: ghsa-malware d539493dcc209d4d478ffa4a5893cd5cd01ee1d994700b9492b651c8aeb372...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/11 6:0 p.m.5 views

UBUNTU-CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS5.8AI score0.00259EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/11 12:43 p.m.2 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in url.c, when negotiating an HTTP or HTTPS connection. An attacker can gain unauthorized access to resources or perform actions with the privileges of another user by forcing the reuse of an...

7.6CVSS5.9AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 11:15 a.m.2 views

DEBIAN-CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS7.2AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 10:9 a.m.3 views

CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

5.8AI score0.00302EPSS
Exploits1References3
CVE
CVE
added 2026/03/11 10:9 a.m.20 views

CVE-2026-3784

CVE-2026-3784 affects curl where an HTTP proxy connection reused during a CONNECT request with different proxy credentials. This is the underlying issue described in the initial CVE entry: a separate connection should be used when credentials differ. Connected feeds indicate a patch is available ...

6.5CVSS5.8AI score0.00302EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 10:9 a.m.7 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

5.8AI score0.00302EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/11 10:9 a.m.5 views

CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS6.8AI score0.00302EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2026/03/11 10:9 a.m.6 views

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS5.8AI score0.00302EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/11 10:8 a.m.4 views

CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

5.8AI score0.00259EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/03/11 10:8 a.m.6 views

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS5.8AI score0.00259EPSS
Exploits0References2
curl security advisories
curl security advisories
added 2026/03/11 8:0 a.m.13 views

bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

6.5CVSS7.2AI score0.00259EPSS
Exploits0Affected Software2
curl security advisories
curl security advisories
added 2026/03/11 8:0 a.m.22 views

wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5CVSS7.2AI score0.00302EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.3 views

PT-2026-24664

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description curl improperly reuses an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different credentials for the HTTP proxy. The expected behavi...

6.5CVSS6.8AI score0.00333EPSS
Exploits2References80
OSV
OSV
added 2026/03/06 10:16 p.m.6 views

AZL-79613 CVE-2026-27137 affecting package golang 1.25.7-1

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

7.5CVSS7.3AI score0.00606EPSS
Exploits0References1
Rows per page
Query Builder