Lucene search
K

252 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Kibana 8.x < 8.18.9 / 8.19.x < 8.19.6 / 9.0.x < 9.0.8 / 9.1.x < 9.1.6 Information Disclosure (ESA-2026-50)

The version of Kibana installed on the remote host is 8.x prior to 8.18.9, 8.19.x prior to 8.19.6, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.6. It is, therefore, affected by an information disclosure vulnerability: - Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to...

4.4CVSS6.1AI score0.00211EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS7.1AI score0.00527EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 4:59 p.m.35 views

CVE-2026-49088 Insertion of Sensitive Information into Log File in Kibana Leading to Information Disclosure

Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...

4.4CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:59 p.m.15 views

CVE-2026-49088

Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...

4.4CVSS5.7AI score0.00211EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS6.1AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 12:53 p.m.6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 10:23 p.m.4 views

GHSA-396Q-4VC8-28X9 @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter

Summary @microsoft/kiota-http-fetchlibrary's RedirectHandler is documented as stripping Authorization and Cookie from cross-origin redirect targets, but the default scrubSensitiveHeaders callback in RedirectHandlerOptions uses case-sensitive property deletion delete headers.Authorization, delete...

6.9CVSS5.8AI score0.0065EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.7 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.7AI score0.00152EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/23 10:55 a.m.4 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 10:51 a.m.8 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 10:47 a.m.5 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:32 p.m.4 views

CVE-2026-54264

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS6AI score0.00226EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/22 3:32 p.m.6 views

CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Servi...

8.3CVSS6AI score0.00226EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 2:50 p.m.5 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 12:7 p.m.2 views

SUSE-SU-2026:2486-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:25 p.m.5 views

GHSA-QXH6-94W6-9R5P @angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...

8.3CVSS5.5AI score0.00226EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 3:48 p.m.12 views

OESA-2026-2542 python-pip security update

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %b=$pkg-config --variable=completionsdir bash-completion 2/dev/null; echo $b:-/bashcompletion.d Name: python-pip Version: 20.2.2 Release: 4 Summary: A...

8.2CVSS6.6AI score0.00527EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:9 p.m.6 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

3.1CVSS5.8AI score0.00218EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/04 2:9 p.m.26 views

CVE-2026-45739

The CVE affects Strawberry GraphQL versions 0.288.4 through 0.315.3, where the bundled GraphiQL template could serialize sensitive HTTP header values (e.g., Authorization: Bearer ) into the browser URL query string via the GraphiQL headers editor. This could leak header data to browser history, c...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References5Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/03 12:0 a.m.6 views

Security update for python-urllib3_1 (important)

openSUSE security update: security update for python-urllib31 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20871-1 Rating: important References: bsc1265267 Cross-References: CVE-2026-44431 CVSS scores: CVE-2026-44431 SUSE : 7.5...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References1
Rows per page
Query Builder