34 matches found

RedhatCVE
added last week, 7 views

CVE-2026-6734

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

CVSS 7.5 | AI score 7 | EPSS 0.002
Exploits: 0 | References: 5

Tenable Nessus
added 2026/05/30 12:00 a.m., 5 views

Fedora 44 : perl-libwww-perl (2026-8d1333fb52)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8d1333fb52 advisory. Changes: 6.83 2026-05-12 11:41:48Z - LWP::UserAgent now strips Authorization and Proxy-Authorization headers on cross-origin redirects a different scheme,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 2

OSV
added 2026/04/18 2:16 a.m., 3 views

DEBIAN-CVE-2026-40490

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

CVSS 6.8 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 1

CVE
added 2026/04/18 1:31 a.m., 28 views

CVE-2026-40490

The CVE-2026-40490 vulnerability affects AsyncHttpClient (AHC). In versions prior to 3.0.9 and 2.14.5, when redirect following is enabled, AHC forwards Authorization and Proxy-Authorization headers (and Realm credentials) to redirect targets across domains, enabling credential leakage via cross-o...

CVSS 6.8 | AI score 6 | EPSS 0.00326
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/14 12:00 a.m., 4 views

PT-2026-33219

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

CVSS 6.8 | AI score 6 | EPSS 0.00326
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m., 12 views

EUVD-2014-0018

Malware in sbrugna...

CVSS 5 | AI score 7 | EPSS 0.01867
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-14229

Malware in sbrugna...

CVSS 6.5 | AI score 7 | EPSS 0.01127
Exploits: 0 | References: 12

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-42515

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00379
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 10:37 a.m., 5 views

CVE-2024-47530

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVSS 6.1 | AI score 6.5 | EPSS 0.00379
Exploits: 1

Veracode
added 2024/10/03 8:44 a.m., 7 views

Open Redirect

scoutbrowser is vulnerable to Open Redirect. The vulnerability is due to inadequate input validation and sanitization in the /login API endpoint, which does not properly handle the next parameter, and lack of scheme validation, which allows for both open redirects and HTTPS downgrade attacks...

CVSS 6.1 | AI score 6.5 | EPSS 0.00379
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2024/09/30 4:15 p.m., 22 views

CVE-2024-47530

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVSS 6.1 | EPSS 0.00379
Exploits: 1 | References: 2

Cvelist
added 2024/09/30 3:17 p.m., 28 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVSS 5.4 | EPSS 0.00379
Exploits: 1 | References: 2

Vulnrichment
added 2024/09/30 3:17 p.m., 13 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVSS 5.4 | AI score 6.6 | EPSS 0.00379
Exploits: 1 | References: 2

CVE
added 2024/09/30 3:17 p.m., 87 views

CVE-2024-47530

CVE-2024-47530 affects gstreamer-plugins-good in SUSE open advisories. The connected documents specify the vulnerability as an uninitialized stack memory issue in the Matroska/WebM demuxer, with multiple SUSE advisories (SUSE-SU-2025:0063-1, SUSE-SU-2025:0064-1, SUSE-SU-2025:0067-1) listing this ...

CVSS 6.1 | AI score 5.4 | EPSS 0.00379
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/09/30 3:17 p.m., 17 views

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lac...

CVSS 5.4 | AI score 6.3 | EPSS 0.00379
Exploits: 1 | References: 4

OSV
added 2022/06/09 11:47 p.m., 31 views

GHSA-W248-FFJ2-4V5Q Fix failure to strip Authorization header on HTTP downgrade

Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...

CVSS 7.5 | AI score 7.4 | EPSS 0.01808
Exploits: 0 | References: 8

Friends Of PHP
added 2022/06/09 9:36 p.m., 25 views

Failure to strip the Cookie header on change in host or HTTP downgrade

Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward...

CVSS 7.5 | AI score 7.5 | EPSS 0.01808
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/01/19 10:14 p.m., 18 views

Security Bulletin: IBM® Security SOAR could be vulnerable to a downgrade attack because of missing Strict-Transport-Security headers for some endpoints (CVE-2021-29785).

Summary IBM® Security SOAR, is missing Strict-Transport-Security headers for some endpoints that help prevent HTTPS downgrade attacks. This is addressed by upgrading IBM Security SOAR to the latest build of v43.1. Vulnerability Details CVEID: CVE-2021-29785 DESCRIPTION: IBM Resilient could allow ...

CVSS 5.9 | AI score 5.1 | EPSS 0.01299
Exploits: 0 | Affected Software: 1

Prion
added 2020/01/14 5:15 p.m., 14 views

Code injection

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java...

CVSS 6.8 | AI score 7.8 | EPSS 0.01508
Exploits: 0 | References: 5 | Affected Software: 2

CVE
added 2018/02/20 10:00 p.m., 49 views

CVE-2017-17455

Summary of CVE-2017-17455: Mahara versions 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to a MITM-induced redirect that forces users to interact with Mahara over HTTP rather than HTTPS, even when an SSL certificate is present. The description states the imp...

CVSS 5.9 | AI score 5.5 | EPSS 0.00627
Exploits: 0 | References: 3 | Affected Software: 1