9 matches found
SUSE-SU-2026:2065-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issue: CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects (bsc#1265267)...
SUSE-SU-2026:21728-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issue: CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects (bsc#1265267)...
CVE-2026-33180
A flaw was found in HAPI FHIR, a Java implementation of the HL7 FHIR standard. When the internal HTTP client follows redirects (HTTP 30X response codes), it can inadvertently send sensitive HTTP headers, such as authentication tokens, to unintended third-party hosts. This information disclosure cou...
CVE-2025-9908 Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-) and event stream URLs via crafted requests and job...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...
Design/Logic Flaw
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
Apache Traffic Server sslheader plugin information disclosure vulnerability
Apache Traffic Server is a scalable HTTP proxy and caching server from the Apache Software Foundation (United States). Apache Traffic Server suffers from an information disclosure vulnerability that stems from the sslheaders plugin extracting information from client certificates and setting header...