Lucene search
K

24 matches found

Snyk
Snyk
added 2026/07/03 8:16 a.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the process of reusing a handle for sequential transfers with environment-variable proxy configuration. An attacker can cause sensitive authentication headers to be sent to an...

9.1CVSS6AI score0.00752EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS0.00752EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

libcurl 7.10.6 < 8.21.0 Cross-Origin Digest Auth State Leak

The version of libcurl installed on the remote host is 7.10.6 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - Successfully using libcurl with Digest authentication and then changing the origin to a different host for a second transfer, reusing the same...

9.8CVSS6AI score0.01064EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51750

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When reusing a handle for sequential transfers driven by environment-variable proxy configuration, the software fails to clear the proxy authentication state between requests. If an initial...

9.8CVSS5.8AI score0.0108EPSS
Exploits6References48
OSV
OSV
added 2026/06/15 8:37 p.m.12 views

GHSA-PW6J-QG29-8W7F Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

CurlAsyncHTTPClient leaks per-request credentials on handle reuse Summary CurlAsyncHTTPClient pools and reuses pycurl handles across requests but does not reset them between requests, and several per-request options are applied with no clearing branch. As a result, sensitive state set by one...

5.9CVSS5.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:37 p.m.17 views

Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

CurlAsyncHTTPClient leaks per-request credentials on handle reuse Summary CurlAsyncHTTPClient pools and reuses pycurl handles across requests but does not reset them between requests, and several per-request options are applied with no clearing branch. As a result, sensitive state set by one...

5.4AI score
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2026/06/10 5:0 a.m.10 views

curl: CVE-2026-11856: cross-origin Digest auth state leak

Summary: This issue is the HTTP sibling to the previously disclosed RTSP Digest auth leak. When an application uses libcurl and reuses the same easy handle for sequential transfers the documented best practice, the Digest authentication state captured from the first origin is silently sent to the...

9.8CVSS5.9AI score0.01064EPSS
Exploits1
Hacker One
Hacker One
added 2026/06/02 9:49 a.m.27 views

curl: RTSP Digest auth state leaks across origins on reused libcurl easy handle

Summary When a reused libcurl easy handle first authenticates to one RTSP origin with Digest authentication and is then switched to a different RTSP origin, libcurl can send the old origin's Digest authentication state to the new origin. The second RTSP server does not need to send a...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper lifecycle management of the IRQ handling and the powersupply handle in the ab8500 power...

5.7AI score0.0016EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of IRQ requests and the allocation of the powersupply handle in the power...

5.8AI score0.00159EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of IRQ requests and the allocation of the powersupply handle in the power...

5.8AI score0.0016EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/13 8:28 a.m.8 views

CVE-2026-6276 stale custom cookie host causes cookie leak

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

5.8AI score0.00291EPSS
Exploits1References3
CVE
CVE
added 2026/05/13 8:28 a.m.56 views

CVE-2026-6276

CVE-2026-6276 affects libcurl: if a custom Host header is initially set for an HTTP request and a subsequent request on the same easy handle is made without the Host header, the second request can reuse stale host information and leak cookies intended for the first host. The issue manifests as a ...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/13 8:28 a.m.27 views

EUVD-2026-29928

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References3
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-396

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

9.8CVSS7.2AI score0.04325EPSS
Exploits1References22
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-410

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.6AI score0.02211EPSS
Exploits1References24
OSV
OSV
added 2026/04/29 2:0 p.m.4 views

UBUNTU-CVE-2026-6276

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second reques...

7.5CVSS5.8AI score0.00291EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35898

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using libcurl to perform a transfer over a specific HTTP proxy proxyA with Digest authentication and subsequently changing the proxy host to a second one proxyB while reusing the same handl...

7.5CVSS5.2AI score0.00471EPSS
Exploits2References51
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.5 views

Siemens Ruggedcom ROX Missing Encryption of Sensitive Data (CVE-2023-28322)

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.2AI score0.02211EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/21 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse of GEM handle creation in the drm/virtio component...

4.7CVSS6.3AI score0.00233EPSS
Exploits0References9
Rows per page
Query Builder