Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.5 views

CVE-2026-33752

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 4:16 p.m.4 views

CVE-2026-33752

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

8.6CVSS0.00463EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 3:1 p.m.2 views

CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 3:1 p.m.2 views

CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References3
OSV
OSV
added 2026/04/03 9:36 p.m.6 views

GHSA-QW2M-4PQF-RMPP curl_cffi: Redirect-based SSRF leads to internal network access in curl_cffi (with TLS impersonation bypass)

Summary curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curlcffi’s TLS impersonation...

8.6CVSS5.9AI score0.00463EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. CVE-2026-34873 Note that Nessus relies...

9.1CVSS5.8AI score0.00241EPSS
Exploits0References3
OSV
OSV
added 2025/11/06 11:35 p.m.4 views

GHSA-GGP9-C99X-54GP KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing

Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...

4.7CVSS5.8AI score0.00181EPSS
Exploits1References6
OSV
OSV
added 2025/09/29 9:15 p.m.6 views

CVE-2025-34211

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA and SaaS deployments contain a private SSL key and matching public certificate stored in cleartext. The key belongs to the hostname pl‑local.com and is used by the...

4.9CVSS5.7AI score0.00367EPSS
Exploits1References4
Rows per page
Query Builder