8 matches found
CVE-2026-33752
curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...
CVE-2026-33752
curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...
CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...
CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...
GHSA-QW2M-4PQF-RMPP curl_cffi: Redirect-based SSRF leads to internal network access in curl_cffi (with TLS impersonation bypass)
Summary curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curlcffi’s TLS impersonation...
Linux Distros Unpatched Vulnerability : CVE-2026-34873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. CVE-2026-34873 Note that Nessus relies...
GHSA-GGP9-C99X-54GP KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
Summary Due to improper TLS certificate management, a compromised virt-handler could impersonate virt-api by using its own TLS credentials, allowing it to initiate privileged operations against another virt-handler. Details Give all details on the vulnerability. Pointing to the incriminated sourc...
CVE-2025-34211
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA and SaaS deployments contain a private SSL key and matching public certificate stored in cleartext. The key belongs to the hostname pl‑local.com and is used by the...