CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

EUVD-2024-29345

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2024-31463

The CVE-2024-31463 entry concerns Ironic-image in reverse proxy mode. When IRONIC_REVERSE_PROXY_SETUP is true, HTTP basic creds are validated in the HTTPD container and Ironic listens on a private port (6388) on localhost, enabling unauthenticated access to the Ironic API for pods/local users on ...

PT-2021-19918 · WordPress · Gatsby-Source-Wordpress

Name of the Vulnerable Software and Affected Versions: gatsby-source-wordpress versions prior to 4.0.8 and 5.9.2 Description: The gatsby-source-wordpress plugin leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. This issue affects users who initialize...

DEBIAN-CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset curleasyreset connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...