1223 matches found
CVE-2026-33187
Further research determined the issue originates from a different product...
Curl 7.10.6 < 8.19.0 Authentication Bypass
The version of curl installed on the remote host is 7.10.6 prior to 8.19.0. It is, therefore, affected by an authentication bypass vulnerability: - libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a po...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process. An attacker can change another user's account password without confirmation by falsely...
MAL-2026-1443 Malicious code in es-lint-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cb77bc53967094108e0dec0e00ddd13bef1d74b3482d959c28c4fc13753cd49 The package es-lint-builder was found to contain malicious code. Source: ghsa-malware e4f62649e3a09df9cabfd19d23538447b0d8762de9506c23c5b27c4a6882967...
MAL-2026-1369 Malicious code in kinggupong (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e715c2381b97a44dc664b3fbb1faf1977b339bc9cc51ad7722b09e24caa2f63 The package kinggupong was found to contain malicious code. Source: ghsa-malware 47fb80c46fcfaba8da9b01d5f99700a8a98a138ce3936b2ed9393db423d5b718 Any...
Malicious code in react-svg-anchor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e014ccf1aaf52a0f5ad92a977b2fb987b63be3ae7bdf8fa9b5f8813f68040344 The package react-svg-anchor was found to contain malicious code. Source: ghsa-malware d539493dcc209d4d478ffa4a5893cd5cd01ee1d994700b9492b651c8aeb372...
UBUNTU-CVE-2026-1965
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in url.c, when negotiating an HTTP or HTTPS connection. An attacker can gain unauthorized access to resources or perform actions with the privileges of another user by forcing the reuse of an...
DEBIAN-CVE-2026-1965
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CVE-2026-3784 wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...
CVE-2026-3784
CVE-2026-3784 affects curl where an HTTP proxy connection reused during a CONNECT request with different proxy credentials. This is the underlying issue described in the initial CVE entry: a separate connection should be used when credentials differ. Connected feeds indicate a patch is available ...
CVE-2026-3784
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...
CVE-2026-3784 wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...
CVE-2026-3784
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...
CVE-2026-1965 bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CVE-2026-1965
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...
PT-2026-24664
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description curl improperly reuses an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different credentials for the HTTP proxy. The expected behavi...
AZL-79613 CVE-2026-27137 affecting package golang 1.25.7-1
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...