Lucene search
K

1138 matches found

Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-56293 Capgo - Stale Cross-Organization Authorization via Incomplete deploy_history Update in transfer_app()

Capgo before 12.128.2 contains an authorization flaw in transferapp that fails to update deployhistory.ownerorg when transferring applications between organizations. Attackers can exploit this omission to retain unauthorized access to deployment history records in the source organization or cause...

5.4CVSS0.00143EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 8:16 a.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the process of reusing a handle for sequential transfers with environment-variable proxy configuration. An attacker can cause sensitive authentication headers to be sent to an...

9.1CVSS6AI score0.00752EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS0.01064EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6AI score0.01064EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/03 6:18 a.m.8 views

EUVD-2026-41495

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

6AI score0.00508EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:17 a.m.8 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS5.9AI score0.00408EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:16 a.m.9 views

EUVD-2026-41510

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

6AI score0.01064EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00752EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:16 a.m.8 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.00752EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/07/03 6:13 a.m.9 views

EUVD-2026-41501

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

6AI score0.01064EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 2:16 p.m.3 views

UBUNTU-CVE-2026-53331

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcomslimngddown is...

5.8AI score0.00172EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.6 views

CVE-2026-12490

A flaw was found in nsd. When a 'provide-xfr' is configured with a 'tls-auth-name', the server incorrectly allows zone transfers without requiring a client certificate if the request comes over TLS on the regular 'tls-port' or over TCP on the regular port, provided other access control conditions...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.22 views

libcurl 7.69.0 < 8.21.0 SSH Improper Host Validation

The version of libcurl installed on the remote host is 7.69.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a libcurl-based application performs transfers via SCP or SFTP and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an...

7.4CVSS6AI score0.00508EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 12:23 p.m.12 views

CVE-2026-40209

CVE-2026-40209 describes a denial-of-service risk where an attacker can send IXFR queries causing outgoing TCP connections to a backend to remain open until timeouts, potentially exhausting available file descriptors or hitting concurrent-connection limits. The core issue is a hang/linger conditi...

5.3CVSS5.8AI score0.00404EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 12:23 p.m.5 views

CVE-2026-40209

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or...

5.3CVSS5.8AI score0.00404EPSS
Exploits0
CVE
CVE
added 2026/06/25 5:24 a.m.20 views

CVE-2026-12490

CVE-2026-12490 describes a bypass of client certificate verification during transfers when a provide-xfr rule uses a tls-auth-name. A secondary transfer may require a client certificate with that name, but no certificate is needed if the request is over TLS on the regular tls-port (not tls-auth-p...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38898

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

5.7AI score0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53030

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

5.5CVSS0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53030 i3c: master: renesas: Fix memory leak in renesas_i3c_i3c_xfers()

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

5.8AI score0.00166EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:29 p.m.12 views

CVE-2026-53030

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

5.5CVSS5.7AI score0.00166EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder