Lucene search
+L

452 matches found

nessus
nessus
added 6 days ago8 views

libcurl 8.11.1 < 8.21.0 Netrc Wrong User Password Leak (CVE-2026-8926)

The version of libcurl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential leak vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, curl could wrongly ge...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/07/06 8:44 p.m.6 views

CVE-2026-8926

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References6
snyk
snyk
added 2026/07/03 8:18 a.m.8 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the process that handles .netrc credential retrieval when a URL is specified with a username but without a password. An attacker can gain unauthorized access to sensitive information by exploiting...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS6AI score0.0061EPSS
Exploits1References1
nvd
nvd
added 2026/07/03 7:16 a.m.6 views

CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS0.0061EPSS
Exploits1References3
osv
osv
added 2026/07/03 6:15 a.m.2 views

CVE-2026-8926 password leak with netrc and user in URL

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References5
euvd
euvd
added 2026/07/03 6:15 a.m.10 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.0061EPSS
Exploits1References3
cve
cve
added 2026/07/03 6:15 a.m.41 views

CVE-2026-8926

CVE-2026-8926 affects curl when using a .netrc file for credentials while the URL contains a username (no password). The vulnerability can cause curl to fetch and use the password of another user for the same host if a matching host exists in .netrc, leading to credential disclosure. The issue is...

9.1CVSS6AI score0.0061EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/07/03 6:15 a.m.49 views

CVE-2026-8926 password leak with netrc and user in URL

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

0.0061EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/07/03 6:15 a.m.8 views

CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS6AI score0.0061EPSS
Exploits1References3
nessus
nessus
added 2026/07/03 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8487-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8487-1 advisory. Andrew Nesbitt discovered that curl could reuse an existing live connecti...

9.8CVSS6.3AI score0.0108EPSS
Exploits10References11
redhat
redhat
added 2026/07/02 3:43 p.m.2 views

curl: curl: Information disclosure via incorrect .netrc password lookup

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS6AI score0.0061EPSS
Exploits1References7
ubuntu
ubuntu
added 2026/06/30 9:34 p.m.8 views

USN-8487-1: curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0108EPSS
Exploits10
osv
osv
added 2026/06/30 9:34 p.m.6 views

USN-8487-1 curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0108EPSS
Exploits10References11
osv
osv
added 2026/06/30 10:27 a.m.5 views

SUSE-SU-2026:2703-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-5773: wrong reuse of SMB connection bsc1262633. - CVE-2026-6253: proxy credentials leak over...

7.5CVSS7.1AI score0.00639EPSS
Exploits6References13
nvd
nvd
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45407

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS0.00089EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/26 4:21 p.m.36 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS0.00089EPSS
Exploits0References2
osv
osv
added 2026/06/26 4:21 p.m.4 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS5.9AI score0.00089EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/26 4:21 p.m.9 views

CVE-2026-45407

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/06/26 4:21 p.m.7 views

EUVD-2026-39802

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References2
Rows per page
Query Builder