Lucene search
K

547 matches found

CVE
CVE
added 4 hours ago11 views

CVE-2026-15075

CVE-2026-15075 affects Eclipse Vert.x up to 4.5.29 (4.x) and 5.1.4 (5.x). The DefaultRedirectHandler in vertx-core forwards all request headers across cross-origin HTTP 30x redirects, stripping only Content-Length. No origin check is performed before copying headers to the redirect target. This a...

8.2CVSS6.2AI score
Exploits0References1
OSV
OSV
added 5 days ago2 views

GHSA-Q6GH-6V2R-HJV3 Micronaut: DefaultHttpClient follows redirects, forwarding Authorization, Cookie, and Proxy-Authorization headers

Impact DefaultHttpClient follows redirects and forwards Authorization, Cookie, and Proxy-Authorization headers to redirect targets across domain boundaries. The blocklist only filters Host/Connection/TE/CT/CL. Additionally, no maximum redirect count exists, enabling infinite loop DoS. Affected:...

6.8CVSS6AI score
Exploits0References5
CVE
CVE
added last week11 views

CVE-2026-7017

CVE-2026-7017 affects HTTP::Tiny for Perl prior to 0.095. When a 3xx redirect is followed, the implementation re-merges caller-supplied headers into the new request without verifying origin sharing. This causes Authorization, Cookie, and Proxy-Authorization headers to be resent to the redirect ta...

7.1CVSS6AI score0.0026EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References6
EUVD
EUVD
added last week9 views

EUVD-2026-42072

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References5
OSV
OSV
added last week6 views

CVE-2026-7017 HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56232

Name of the Vulnerable Software and Affected Versions HTTP::Tiny versions prior to 0.095 Description When a server returns a 3xx redirect, the maybe redirect function follows the Location: header and the prepare headers and cb function re-merges the caller's headers argument into the new request...

7.1CVSS6AI score0.0026EPSS
Exploits0References13
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5224 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect in github.com/microsoft/kiota-http-go

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect in github.com/microsoft/kiota-http-go...

7CVSS5.8AI score0.00505EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 7:42 p.m.2 views

SUSE-SU-2026:22353-1 Security update for perl-libwww-perl

This update for perl-libwww-perl fixes the following issue - CVE-2026-8368: authorization and proxy-authorization headers are leaked on cross-origin redirects bsc1265156...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:32 p.m.36 views

CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS0.00226EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 7:1 p.m.21 views

CVE-2026-10741

Sonatype Nexus Repository Manager prior to 3.93.0 contains an authorization flaw in the proxy repository configuration that lets a delegated repository administrator disclose stored upstream proxy credentials. This affects confidentiality (credentials exposure) with a CVSS base score of 5.9 (MEDI...

5.9CVSS5.3AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 5:25 p.m.6 views

GHSA-QXH6-94W6-9R5P @angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...

8.3CVSS5.5AI score0.00226EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/15 8:8 a.m.10 views

Information Exposure

Axios is vulnerable to Information Exposure. The vulnerability is due to improper handling of the Proxy-Authorization header in the Node.js HTTP adapter, where proxy credentials can be forwarded to a redirected destination during certain proxy-to-direct redirect flows, allowing an...

8.2CVSS5.3AI score0.00664EPSS
Exploits1References32Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.21 views

PT-2026-49580

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An information disclosure issue exists in the @angular/service-worker package. When the Service Worker fetches assets, it preserve...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.10 views

SUSE CVE-2026-48856

Sensitive Data Exposure vulnerability in Erlang OTP inets httpcresponse module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

7.1CVSS5.3AI score0.00335EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/12 1:9 a.m.15 views

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...

8.2CVSS5.1AI score0.00664EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/11 11:14 p.m.13 views

CVE-2026-44489

A flaw was found in Axios, a promise-based HTTP client. A remote attacker could exploit a prototype pollution vulnerability, which occurs when nested objects are created without proper checks, allowing an attacker to inject malicious properties into Object.prototype. This vulnerability specifical...

5.3CVSS5.1AI score0.00228EPSS
Exploits1References4
OSV
OSV
added 2026/06/11 5:16 p.m.7 views

DEBIAN-CVE-2026-44489

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

5.3CVSS5.3AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/06/11 5:16 p.m.7 views

DEBIAN-CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

7.5CVSS5.4AI score0.00664EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.14 views

CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

8.2CVSS0.00664EPSS
Exploits1References29
Rows per page
Query Builder