PT-2026-30908

File Browser versions prior to 2.63.1 Description: File Browser is a file managing interface. Prior to version 2.63.1, a fix intended to restrict execute permissions for self-registered users was not applied to the proxy authentication handler. This allowed users automatically created on first...

Security update 5.0.7 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization and update golang-github-boynux-squidexporter: Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes jscPED-14971: Added compatibility for Squid 6...

openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20354-1 advisory. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes...

SUSE-SU-2026:20727-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441. -...

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the urlmatchproxyuse function used by the CONNECT operation for an HTTP proxy connection. An attacker in control of an already-authenticated connection can authenticate using its credentials ...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-32049: denial of service attack to websocket server bsc1240751. CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

SUSE-SU-2026:0833-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441. -...

SUSE-SU-2026:0811-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441. -...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2026:0788-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0788-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...

curl: CVE-2026-3784: wrong proxy connection reuse with credentials

Summary libcurl may reuse an existing HTTP proxy CONNECT tunnel without matching proxy credentials when selecting a reusable connection. In lib/url.c, urlmatchproxyuse calls proxyinfomatches lib/url.c:930-935 → lib/url.c:589-595, and that matcher compares proxy type, host, and port but does not...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision when trusted-proxy authentication is enabled. An attacker can gain unauthorized access to node event methods by connecting with a node...

UBUNTU-CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVE-2026-1539 Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-1359)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1359 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Kanboard 安全漏洞

Kanboard is Kanboard open source set of open source visualization task board software . The software is able to customize the panel according to the business . A security vulnerability exists in Kanboard 1.2.48 and earlier versions that stems from an authentication bypass when REVERSEPROXYAUTH is...

Linux Distros Unpatched Vulnerability : CVE-2026-21881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below is vulnerable to a critical authentication bypass when...