Lucene search
+L

48 matches found

redhat
redhat
added yesterday5 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.7AI score0.00437EPSS
Exploits0References5
osv
osv
added 2026/07/06 8:22 p.m.3 views

SUSE-SU-2026:22565-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to version 24.18.0 bsc1269825. Security issues fixed: - CVE-2026-2581: undici: denial of service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: response queue poisoning on reused keep-alive sockets can lead ...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References44
osv
osv
added 2026/07/06 3:27 p.m.5 views

BIT-PYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
redhat
redhat
added 2026/07/06 4:52 a.m.7 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
osv
osv
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
osv
osv
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.6AI score0.00437EPSS
Exploits0
debiancve
debiancve
added 2026/06/26 1:14 a.m.10 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.6AI score0.00437EPSS
Exploits0
osv
osv
added 2026/06/26 1:14 a.m.1 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

5.9CVSS6.7AI score0.00437EPSS
Exploits0References3
euvd
euvd
added 2026/06/26 1:14 a.m.9 views

EUVD-2026-39606

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/26 1:14 a.m.8 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

5.9CVSS6.6AI score0.00437EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/26 1:14 a.m.86 views

CVE-2026-48615

Summary: CVE-2026-48615 concerns a flaw in Node.js proxy tunnel error handling that can expose proxy credentials embedded in the proxy URL via the ERR_PROXY_TUNNEL error messages. The leak is tied to error handling paths and could be captured by logs, diagnostics, or other error consumers. Affect...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/26 1:14 a.m.48 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

5.9CVSS0.00437EPSS
Exploits0References1
redhat
redhat
added 2026/06/25 11:4 p.m.2 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.6AI score0.00437EPSS
Exploits0References5
redhat
redhat
added 2026/06/08 2:32 a.m.22 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.5AI score0.00254EPSS
Exploits1References5
redhat
redhat
added 2026/06/03 7:15 a.m.11 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
nessus
nessus
added 2026/06/03 12:0 a.m.10 views

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

9.1CVSS7.2AI score0.01279EPSS
Exploits1References25
redhat
redhat
added 2026/06/01 1:36 p.m.14 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References5
nessus
nessus
added 2026/05/26 12:0 a.m.12 views

TencentOS Server 3: libsoup (TSSA-2026:0368)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
osv
osv
added 2026/05/22 1:17 p.m.13 views

OESA-2026-2380 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels throu...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
Rows per page
Query Builder