423 matches found
CURL-CVE-2026-8926 password leak with netrc and user in URL
When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is n...
Astra Linux – Vulnerability in curl
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname, but the...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...
CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
CVE-2026-47357
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
EUVD-2026-30957
Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...
SUSE SLES15 Security Update : curl (SUSE-SU-2026:1940-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1940-1 advisory. Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP...
terrascan 安全漏洞
Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the remote directory scanning endpoint’s...
SUSE-SU-2026:1940-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...
EUVD-2026-29930
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
netrc credential leak with reused proxy connection
...
ALPINE-CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429 netrc credential leak with reused proxy connection
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429 netrc credential leak with reused proxy connection
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...
CVE-2026-6429
CVE-2026-6429 affects curl/libcurl. When both a .netrc credentials usage and HTTP redirects are requested, the first-host password could be leaked to the redirected host. The issue is characterized in CVE lists as a netrc credential leak with reused proxy connection. Connected advisories (e.g., S...
curl 安全漏洞
curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...