Lucene search

93 matches found

RedhatCVE
added 2026/01/09 11:47 a.m. | 7 views

CVE-2010-0101

The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service operating system halt via a malformed HTTP Authorization header...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00491
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:57 a.m. | 5 views

CVE-2020-12624

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00468
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2013-3030

Malware in sbrugna...

CVSS: 8.3 | AI score: 6.4 | EPSS: 0.00525
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-4925

Malware in sbrugna...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00468
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-0131

Malware in sbrugna...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00198
Exploits: 2 | References: 26

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2002-0561

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.02582
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2024-3215

Malicious code in bioql PyPI...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00336
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-5343

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00749
Exploits: 0 | References: 5

Cvelist
added 2025/08/03 12:0 a.m. | 6 views

CVE-2025-54956

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...

CVSS: 3.2 | EPSS: 0.00106
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 8:35 a.m. | 5 views

CVE-2019-19703

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00004
Exploits: 1 | References: 1

OSV
added 2025/05/09 12:7 a.m. | 1 views

SUSE-SU-2025:1519-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 - CVE-2025-32050: Fixed Integer overflow in appendparamquoted bsc1240752 - CVE-2025-32052: Fixed heap buffer overflow in sniffunknown...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.00472
Exploits: 1 | References: 17

OSV
added 2025/05/07 2:38 p.m. | 2 views

SUSE-SU-2025:1510-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 - CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051: Fixed segmentation fault when parsing malformed dat...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00472
Exploits: 1 | References: 29

OSV
added 2025/05/02 6:18 a.m. | 4 views

BIT-MOODLE-2024-43432 Moodle: authorization headers preserved between "emulated redirects"

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00336
Exploits: 0 | References: 3

OSV
added 2025/05/01 5:57 a.m. | 7 views

BIT-MOODLE-2024-38275 moodle: HTTP authorization header is preserved between "emulated redirects"

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00546
Exploits: 0 | References: 2

Veracode
added 2024/12/04 8:28 a.m. | 5 views

Open Redirection

Moodle is vulnerable to Open Redirection. The vulnerability is due to the cURL wrapper in Moodle retaining original request headers during emulated redirects, potentially causing HTTP authorization header information to be unintentionally sent to redirect URLs...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00336
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2024/11/11 1:15 p.m. | 8 views

CVE-2024-43432

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

CVSS: 5.3 | EPSS: 0.00336
Exploits: 0 | References: 2

OSV
added 2024/11/11 1:15 p.m. | 3 views

CVE-2024-43432

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

CVSS: 5.3 | AI score: 6.2
Exploits: 0 | References: 2

CVE
added 2024/11/11 12:16 p.m. | 54 views

CVE-2024-43432

CVE-2024-43432 affects Moodle due to the cURL wrapper stripping HTTPAUTH and USERPWD headers during emulated redirects, while other headers remain intact. This can cause HTTP authorization header information to be unintentionally sent to redirect URLs. Connected sources (GitHub and OSV/Nessus ent...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00336
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/11/11 12:16 p.m. | 20 views

CVE-2024-43432 Moodle: authorization headers preserved between "emulated redirects"

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...

CVSS: 5.3 | EPSS: 0.00336
Exploits: 0 | References: 2

Tenable Nessus
added 2024/10/09 12:0 a.m. | 17 views

CentOS 7 : python-virtualenv (RHSA-2020:2081)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00656
Exploits: 3 | References: 4