Lucene search
+L

220 matches found

osv
osv
added 2 days ago2 views

SUSE-SU-2026:2962-1 Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: LWP: UserAgent: Authorization and Proxy-Authorization headers are leaked on cross-origin redirects bsc1265156...

6.5CVSS6.1AI score0.00266EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago24 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS0.00141EPSS
Exploits0References1
cve
cve
added 2 days ago22 views

CVE-2026-15075

CVE-2026-15075 affects Eclipse Vert.x up to 4.5.29 (4.x) and 5.1.4 (5.x). The DefaultRedirectHandler in vertx-core forwards all request headers across cross-origin HTTP 30x redirects, stripping only Content-Length. No origin check is performed before copying headers to the redirect target. This a...

8.2CVSS6.2AI score0.00141EPSS
Exploits0References1Affected Software1
ibm
ibm
added 3 days ago7 views

Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI

Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is affected by an information exposure vulnerability. CVE-2026-40895 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules...

7.5CVSS7AI score0.00486EPSS
Exploits0Affected Software2
susecve
susecve
added 6 days ago4 views

SUSE CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.3CVSS6.1AI score0.00752EPSS
Exploits1References9
nessus
nessus
added 6 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0,...

3.1CVSS6.1AI score0.00195EPSS
Exploits0References3
euvd
euvd
added 2026/07/06 8:5 a.m.8 views

EUVD-2026-41837

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

7.5CVSS6AI score0.00536EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.12 views

PT-2026-55901

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel DNS component leads to Server-Side Request Forgery SSR...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References7
nvd
nvd
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS0.00752EPSS
Exploits1References3
osv
osv
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS6AI score0.00752EPSS
Exploits1References1
alpinelinux
alpinelinux
added 2026/07/03 6:18 a.m.7 views

CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References3
cve
cve
added 2026/07/03 6:18 a.m.23 views

CVE-2026-9546

CVE-2026-9546 is a libcurl vulnerability where the HTTP Referer header persists after CURLOPT_REFERER is cleared, due to an internal state not being cleared. Affected versions are prior to 8.21.0 (e.g., 8.18.0). This can cause leakage of the previous referrer to subsequent requests. The practical...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/07/03 6:18 a.m.7 views

EUVD-2026-41494

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

6AI score0.00652EPSS
Exploits1References3
cvelist
cvelist
added 2026/07/03 6:16 a.m.50 views

CVE-2026-8927 env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

0.00752EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References3
euvd
euvd
added 2026/07/03 6:16 a.m.7 views

EUVD-2026-41508

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.00752EPSS
Exploits1References3
cvelist
cvelist
added 2026/07/03 6:13 a.m.88 views

CVE-2026-11856 cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

0.01064EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/07/03 6:13 a.m.7 views

CVE-2026-11856

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

9.8CVSS6AI score0.01064EPSS
Exploits1References3
osv
osv
added 2026/07/02 1:54 p.m.4 views

SUSE-SU-2026:2726-1 Security update for python-tornado

This update for python-tornado fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

7.7CVSS5.9AI score0.00691EPSS
Exploits0References7
osv
osv
added 2026/06/26 9:55 a.m.3 views

SUSE-SU-2026:22445-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

7.7CVSS5.9AI score0.00691EPSS
Exploits0References7
Rows per page
Query Builder