Lucene search
K

451 matches found

OSV
OSV
added 2026/05/13 8:28 a.m.1 views

CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS7.1AI score0.00519EPSS
Exploits1References5
CVE
CVE
added 2026/05/13 8:28 a.m.56 views

CVE-2026-6429

CVE-2026-6429 affects curl/libcurl. When both a .netrc credentials usage and HTTP redirects are requested, the first-host password could be leaked to the redirected host. The issue is characterized in CVE lists as a netrc credential leak with reused proxy connection. Connected advisories (e.g., S...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 8:28 a.m.8 views

CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.8AI score0.00519EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:28 a.m.16 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.8AI score0.00519EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/13 8:28 a.m.42 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/05/13 8:28 a.m.26 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 12:0 a.m.15 views

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 12:0 a.m.17 views

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-016500)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016500 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-craft...

5.3CVSS6.6AI score0.00845EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/05/06 12:14 p.m.12 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. CVE-2026-6276:...

8.3CVSS7AI score0.00639EPSS
Exploits5References24
OSV
OSV
added 2026/05/06 12:13 p.m.10 views

SUSE-SU-2026:1717-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS7.1AI score0.00639EPSS
Exploits5References13
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
OSV
OSV
added 2026/05/04 1:12 p.m.8 views

JLSEC-2026-437 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a...

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

5.3CVSS7.1AI score0.00333EPSS
Exploits1References6
OSV
OSV
added 2026/05/04 1:12 p.m.9 views

JLSEC-2026-413 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could...

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

3.4CVSS6.8AI score0.01378EPSS
Exploits1References12
OSV
OSV
added 2026/05/04 11:40 a.m.12 views

USN-8227-1 curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
Ubuntu
Ubuntu
added 2026/05/04 11:40 a.m.11 views

USN-8227-1: curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

7.5CVSS5.8AI score0.00639EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.22 views

libcurl 7.14.0 < 8.20.0 Netrc Password Leak on HTTP Redirect

The version of libcurl installed on the remote host is 7.14.0 prior to 8.20.0. It is, therefore, affected by a netrc password leak vulnerability: - When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 2:46 p.m.4 views

SUSE-SU-2026:21452-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS7.1AI score0.00639EPSS
Exploits5References13
RedhatCVE
RedhatCVE
added 2026/04/30 1:37 p.m.6 views

CVE-2026-6429

A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use...

6.5CVSS5.3AI score0.00519EPSS
Exploits1References4
Rows per page
Query Builder