CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

492 matches found

Github Security Blog•added 5 days ago•7 views

Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Patch Bypass Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2 Summary The Object.createnull fix introduced in Axios 1.15.2 GHSA-q8qp-cvcw-x6jj protects the top-level config object from prototype pollution. However, nested objects created...

5.8AI score

Exploits0References3Affected Software1

OSV•added 5 days ago•5 views

GHSA-654M-C8P4-X5FP Axios has a Patch Bypass: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

3.7CVSS5.8AI score

Exploits0References3

Snyk•added 5 days ago•2 views

Prototype Pollution

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the setProxy function. An attacker can inject arbitrary credentials into the Proxy-Authorization header of proxied HTTP requests b...

9.1CVSS6.4AI score0.00071EPSS

Exploits1References3

Positive Technologies•added 5 days ago•3 views

PT-2026-44909

3.7CVSS5.8AI score

Exploits0References4

Snyk•added 2026/05/27 12:38 a.m.•10 views

Insufficiently Protected Credentials

Overview @hapi/wreck is a HTTP Client Utilities library. Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to leaking the sensitive Proxy-Authorization header across cross-hostname redirects. An attacker can obtain sensitive proxy credentials by inducing...

6.3CVSS5.8AI score

Exploits0References2

OSV•added 2026/05/27 12:38 a.m.•6 views

GHSA-VHJM-W67Q-G75C @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

Impact When @hapi/wreck follows a 3xx redirect to a different hostname, only the Authorization and Cookie headers are stripped. The standard credential header Proxy-Authorization is forwarded intact to the redirect target, potentially exposing forward-proxy credentials to a host outside the...

6.3CVSS5.8AI score

Exploits0References4

Github Security Blog•added 2026/05/27 12:38 a.m.•9 views

@hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname redirects

4.3CVSS6.8AI score0.00177EPSS

Exploits0References4Affected Software1

OSV•added 2026/05/19 2:46 a.m.•4 views

MGASA-2026-0150 Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects...

6.5CVSS5.8AI score0.00033EPSS

Exploits0References3

Microsoft CVE•added 2026/05/17 8:1 a.m.•1 views

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

...

6.5CVSS5.8AI score0.00033EPSS

Exploits0

NVD•added 2026/05/14 4:16 p.m.•5 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00079EPSS

Exploits0References1

Vulnrichment•added 2026/05/14 3:58 p.m.•1 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

7CVSS5.8AI score0.00079EPSS

Exploits0References1

Cvelist•added 2026/05/14 3:58 p.m.•32 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

7CVSS0.00079EPSS

Exploits0References1

ATTACKERKB•added 2026/05/14 3:58 p.m.•2 views

CVE-2026-44503

7CVSS5.8AI score0.00079EPSS

Exploits0References2Affected Software6

CVE•added 2026/05/14 3:58 p.m.•14 views

CVE-2026-44503

CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...

7CVSS5.8AI score0.00079EPSS

Exploits0References1

SUSE CVE•added 2026/05/13 2:25 p.m.•5 views

SUSE CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References3

Snyk•added 2026/05/13 11:15 a.m.•9 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack in the Proxy-Authorization: header handling process. An attacker can gain unauthorized access to resources or sensitive information by leveraging a scenario where authentication credentials intended for one proxy are...

8.2CVSS5.8AI score0.00079EPSS

Exploits1References2

Debian CVE•added 2026/05/13 8:29 a.m.•3 views

CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

5.3CVSS5.8AI score0.00079EPSS

Exploits1

NVD•added 2026/05/12 3:16 p.m.•5 views

CVE-2026-8368

6.5CVSS0.00033EPSS

Exploits0References5

Cvelist•added 2026/05/12 2:1 p.m.•23 views

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

0.00033EPSS

Exploits0References4

ATTACKERKB•added 2026/05/12 2:1 p.m.•3 views

CVE-2026-8368