Lucene search
K

310 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-39508

File Browser: Authentication Bypass via Proxy Auth Header Forgery...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : curl vulnerabilities (USN-8525-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8525-1 advisory. Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP...

9.8CVSS6.7AI score0.01378EPSS
Exploits10References11
RedhatCVE
RedhatCVE
added 2026/07/06 8:44 p.m.4 views

CVE-2026-8927

A flaw was found in libcurl. When reusing a libcurl handle for sequential transfers with environment-variable proxy configuration, the library does not properly clear the proxy authentication state. This oversight can lead to the unintended disclosure of Proxy-Authorization headers to an incorrec...

9.1CVSS5.8AI score0.00752EPSS
Exploits1References6
Snyk
Snyk
added 2026/07/03 10:20 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS6AI score0.00752EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS0.00752EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:16 a.m.21 views

CVE-2026-9079

CVE-2026-9079 affects libcurl 8.8.0 before 8.21.0, where a flaw in clearing proxy authentication credentials leaves old credentials available for subsequent transfers. This credential-disclosure issue is described across multiple sources (NVD, CIRCL, Debian, Ubuntu advisories, and curl’s page). I...

9.8CVSS6AI score0.01064EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.00752EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/07/03 6:16 a.m.7 views

EUVD-2026-41508

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.00752EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/03 6:16 a.m.46 views

CVE-2026-8927 env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

0.00752EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 9:34 p.m.6 views

USN-8487-1 curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0108EPSS
Exploits10References11
Ubuntu
Ubuntu
added 2026/06/30 9:34 p.m.8 views

USN-8487-1: curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0108EPSS
Exploits10
NVD
NVD
added 2026/06/25 7:16 p.m.15 views

CVE-2026-54089

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:46 p.m.7 views

CVE-2026-54089

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 5:46 p.m.16 views

CVE-2026-54089

CVE-2026-54089 impacts File Browser when configured with proxy authentication (auth.method=proxy). The issue allows an unauthenticated attacker who can reach the server to impersonate any user—including an administrator—by sending a single forged HTTP header. No credentials are required. Addition...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52537

Name of the Vulnerable Software and Affected Versions File Browser versions 2.0.0-rc.1 and later Description When configured with proxy authentication auth.method=proxy, the software improperly trusts upstream identity headers without validating that requests originate from a trusted proxy. An...

9.1CVSS5.7AI score0.00337EPSS
Exploits0References10
NVD
NVD
added 2026/06/24 9:16 p.m.11 views

CVE-2026-25119

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS0.00864EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:7 p.m.7 views

CVE-2026-25119

Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLEREVERSEPROXYAUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originated from a trusted reverse proxy. A...

8.7CVSS6AI score0.00864EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References4
Rows per page
Query Builder