175 matches found

Cvelist
added 2026/01/28 3:15 p.m., 31 views

CVE-2026-1539 Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVSS: 5.8, EPSS: 0.00237
Exploits: 0, References: 2

CVE
added 2026/01/28 3:15 p.m., 34 views

CVE-2026-1539

The connected IBM ACE bulletin confirms CVE-2026-1539 is a libsoup HTTP library issue: during HTTP redirects, the library removes the Authorization header but may fail to remove Proxy-Authorization when redirecting to a different host, potentially leaking proxy credentials to third-party servers....

CVSS: 5.8, AI score: 5.8, EPSS: 0.00237
Exploits: 0, References: 2, Affected Software: 2

ATTACKERKB
added 2026/01/28 3:15 p.m., 3 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00237
Exploits: 0, References: 2

CNNVD
added 2026/01/28 12:0 a.m., 8 views

libsoup security vulnerabilities

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that stems from failing to remove the Proxy-Authorization header when handling HTTP redirection, which may lead to the exposure of proxy credentials...

CVSS: 5.8, AI score: 6, EPSS: 0.00237
Exploits: 0, References: 1

Amazon
added 2026/01/21 12:0 a.m., 7 views

Medium: python3-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...

CVSS: 8.9, AI score: 7.8, EPSS: 0.01141
Exploits: 1

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : python-pip-9.0.3-8.0.1.el7.AXS7 (AXSA:2024-8982:05)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8982:05 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...

CVSS: 6.5, AI score: 7.8, EPSS: 0.01141
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 9 : python3.12-urllib3-1.26.18-2.el9.1 (AXSA:2024-9270:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9270:02 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...

CVSS: 6.5, AI score: 7.9, EPSS: 0.01141
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 9 : python-requests-2.25.1-7.el9 (AXSA:2023-6284:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6284:01 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...

CVSS: 6.1, AI score: 7.4, EPSS: 0.02782
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : python3.11-urllib3-1.26.12-2.el9.1 (AXSA:2024-9170:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9170:04 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...

CVSS: 6.5, AI score: 8, EPSS: 0.01141
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : python-urllib3-1.10.2-7.0.1.el7.AXS7 (AXSA:2024-9026:07)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9026:07 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01141
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 3: python3.11-urllib3 (TSSA-2024:0797)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS: 6.5, AI score: 6.8, EPSS: 0.01141
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: python-urllib3 (TSSA-2024:0551)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0551 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS: 6.5, AI score: 6.8, EPSS: 0.01141
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2014-0098

Malware in sbrugna...

CVSS: 5, AI score: 9.1, EPSS: 0.02036
Exploits: 0, References: 16

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2009-0615

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.02165
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-0227

Malicious code in bioql PyPI...

CVSS: 6.1, AI score: 6.7, EPSS: 0.02782
Exploits: 1, References: 11

IBM Security Bulletins
added 2025/09/29 7:17 a.m., 1 views

Security Bulletin: urllib3 Proxy-Authorization header only applies with ProxyManager, not direct requests

Summary urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01141
Exploits: 1, Affected Software: 1

OSV
added 2025/09/26 1:8 p.m., 5 views

OESA-2025-2339 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 23.3.1 Release: 5 Summary: A...

CVSS: 6.1, AI score: 6.8, EPSS: 0.02782
Exploits: 1, References: 2

OSV
added 2025/08/22 11:36 a.m., 5 views

OESA-2025-2068 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS: 6.8, AI score: 6.9, EPSS: 0.0056
Exploits: 0, References: 2

OSV
added 2025/08/22 11:36 a.m., 5 views

OESA-2025-2067 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673...

CVSS: 6.8, AI score: 6.9, EPSS: 0.0056
Exploits: 0, References: 2

OSV
added 2025/08/13 8:6 p.m., 6 views

CLSA-2025-1755115606 golang: Fix of CVE-2025-4673

CVE-2025-4673: remove Proxy-Authorization and Proxy-Authenticate headers from cross-origin redirects to prevent sensitive information leakage...

CVSS: 6.8, AI score: 6.8, EPSS: 0.0056
Exploits: 0, References: 1