Lucene search
+L

490 matches found

OSV
OSV
added 2026/07/08 1:46 p.m.2 views

SUSE-SU-2026:22553-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie bsc1268409. - CVE-2026-8927: env-set cross-proxy Digest auth state leak...

9.8CVSS6.1AI score0.01064EPSS
Exploits10References21
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:7 a.m.3 views

password leak with netrc and user in URL

...

9.1CVSS6.1AI score0.0061EPSS
Exploits1
OSV
OSV
added 2026/07/03 6:16 a.m.3 views

CVE-2026-9079 stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6.1AI score0.01064EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/03 6:15 a.m.51 views

CVE-2026-8926 password leak with netrc and user in URL

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

0.0061EPSS
Exploits1References3
Rockylinux
Rockylinux
added 2026/06/26 6:0 p.m.9 views

freeradius:3.0 security update

An update is available for module.freeradius, freeradius. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRADIUS is a high-performance and highly configurabl...

7.5CVSS6.9AI score0.01171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

Curl 8.11.1 < 8.21.0 Netrc Password Leak

The version of curl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username, curl could wrongly get and use the...

9.1CVSS6AI score0.0061EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.10 views

SUSE CVE-2026-11695

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00177EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 12:16 a.m.10 views

DEBIAN-CVE-2026-11695

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00177EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 9:7 a.m.7 views

CLSA-2026-1779354447 shadow-utils: Fix of CVE-2023-4641

CVE-2023-4641: fix password leak in gpasswd...

5.5CVSS5.8AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 8:57 a.m.8 views

CLSA-2026-1779267466 shadow-utils: Fix of CVE-2023-4641

CVE-2023-4641: fix password leak in gpasswd...

5.5CVSS5.8AI score0.00257EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/05/14 11:38 a.m.9 views

curl: CVE-2026-8926: password leak with netrc and user in URL

Hey all, Before the following report, I just want to point to a comment from our scanner, where it seems it was already picked up but it was dismissed and the PR was closed later by another commit - https://github.com/curl/curl/pull/20932issuecomment-4072903895 Nonetheless, it appears this issue...

9.1CVSS5.8AI score0.0061EPSS
Exploits1
NVD
NVD
added 2026/05/13 1:1 p.m.12 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS0.00519EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.17 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability stems from the fact that the...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.14 views

EUVD-2026-27883

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8AI score0.24681EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 12:0 a.m.9 views

CVE-2026-34474

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8AI score0.24681EPSS
Exploits3References3
CVE
CVE
added 2026/05/06 12:0 a.m.35 views

CVE-2026-34474

CVE-2026-34474 affects ZTE ZXHN H298A (1.1) and H108N (2.6) routers. A crafted request to the device’s web interface can cause a sensitive-data exposure, potentially returning the administrator password and WLAN PSK, which could enable authentication bypass and wireless/network compromise. Some f...

7.5CVSS5.8AI score0.24681EPSS
Exploits3References3
OSV
OSV
added 2026/04/29 8:0 a.m.7 views

CURL-CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.4AI score0.00519EPSS
Exploits1
NVD
NVD
added 2026/04/21 10:16 a.m.17 views

CVE-2026-6553

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and usersettings fields of the beusers database table. This issue affects TYPO3 CMS version 14.2.0...

7.5CVSS0.00167EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.10 views

PT-2026-21532

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The router firmware contains a flaw where the configuration download feature reveals the router password and administrative password in plaintext. The response...

7.1CVSS5.2AI score0.00216EPSS
Exploits0References4
Rows per page
Query Builder