426 matches found
CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
PT-2026-29123
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http auth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
GHSA-QM2M-28PF-HGJW OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers
Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...
GHSA-P7M9-V2CM-2H7M HAPI FHIR HTTP authentication leak in redirects
Impact When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of...
CVE-2026-1965 bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CVE-2026-1965
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...
CVE-2019-20138
The HTTP Authentication library before 2019-12-27 for Nim has weak password hashing because the default algorithm for libsodium's cryptopwhashstr is not used...
Security update for squid
This update for squid fixes the following issues: CVE-2025-62168: Fixed failure to redact HTTP authentication credentials in error handling leading to information disclosure bsc1252281 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CLSA-2025-1763024537 squid: Fix of CVE-2025-62168
CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Squid vulnerability (USN-7845-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7845-1 advisory. Leonardo Giovannini discovered that Squid failed to redact HTTP Authentication credentials in a...
EUVD-2015-4535
Malware in sbrugna...
EUVD-2010-0585
Malware in sbrugna...
EUVD-2019-10694
Malware in sbrugna...
EUVD-2015-3790
Malware in sbrugna...
EUVD-2019-17246
Malware in sbrugna...
EUVD-2019-13137
Malware in sbrugna...
EUVD-2020-27047
Malware in sbrugna...
EUVD-2021-16424
Malware in sbrugna...
EUVD-2002-0409
Malware in sbrugna...
EUVD-2007-4674
Malware in sbrugna...