Lucene search
K

520 matches found

RedHat Linux
RedHat Linux
added last week6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS7.1AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 9:0 a.m.1 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS6.3AI score0.00527EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:15 p.m.5 views

CVE-2026-13574

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/18 9:36 a.m.2 views

OPENSUSE-SU-2026:21078-1 Security update for python-ecdsa

This update for python-ecdsa fixes the following issue: - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions bsc1261009...

5.3CVSS5.7AI score0.00476EPSS
Exploits1References2
Fedora
Fedora
added 2026/06/17 8:44 a.m.10 views

[SECURITY] Fedora 44 Update: ldns-1.9.2-1.fc44

ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...

8.2CVSS5.2AI score0.00147EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/07 1:11 a.m.1 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS6.3AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/07 12:53 a.m.1 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS6.3AI score0.00527EPSS
Exploits0References5
OSV
OSV
added 2026/06/05 3:48 p.m.8 views

OESA-2026-2543 python-pip security update

%changelog Thu May 14 2026 markeryang [email protected] - 23.3.1-11 - Fix CVE-2026-3219 Security Fixes: When following cross-origin redirects for requests made using urllib3's high-level APIs, such as urllib3.request, PoolManager.request, and ProxyManager.request, sensitive headers — Authorization...

8.2CVSS5.5AI score0.00527EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/04 7:32 p.m.89 views

binary-exploitation-labs-Application-security-ctf-writeups

binary-exploitation-labs-Application-security-ctf-writeups...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/05/29 5:22 p.m.8 views

SQL Injection

Overview bolt/bolt is a sophisticated, lightweight & simple CMS. Affected versions of this package are vulnerable to SQL Injection via the order parameter in content listing pages through the OrderDirective component. An attacker can extract sensitive information from the database by injecting...

8.8CVSS5.9AI score0.00241EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 4:16 p.m.27 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

4.3CVSS0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.42 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 1:17 p.m.16 views

OESA-2026-2391 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen...,...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.16 views

Impacket 0.13.1

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols e.g. SMB1-3 and MSRPC, the protocol implementation itself. Packets can be constructed from scratch, as well as parse...

5.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/16 8:5 a.m.32 views

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

...

8.2CVSS5.8AI score0.00527EPSS
Exploits0
Fedora
Fedora
added 2026/05/15 3:6 a.m.14 views

[SECURITY] Fedora 43 Update: GitPython-3.1.50-1.fc43

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

8.8CVSS5.8AI score0.00719EPSS
Exploits1
Fedora
Fedora
added 2026/05/15 2:34 a.m.17 views

[SECURITY] Fedora 44 Update: GitPython-3.1.50-1.fc44

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

8.8CVSS5.8AI score0.00719EPSS
Exploits1
Fedora
Fedora
added 2026/05/14 4:3 a.m.16 views

[SECURITY] Fedora 42 Update: GitPython-3.1.50-1.fc42

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...

8.8CVSS5.8AI score0.00719EPSS
Exploits1
CVE
CVE
added 2026/05/13 3:20 p.m.80 views

CVE-2026-44431

CVE-2026-44431 affects urllib3 (Python HTTP client). From versions 1.23 up to, but not including, 2.7.0, cross-origin redirects followed by the low‑level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward sensitive headers. This constitutes a leakage of ...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.13 views

Joern 4.0.538

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Rows per page
Query Builder