Lucene search
+L

119 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

libcurl 8.11.1 < 8.21.0 Netrc Wrong User Password Leak (CVE-2026-8926)

The version of libcurl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential leak vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, curl could wrongly ge...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/06 8:44 p.m.8 views

CVE-2026-8926

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:7 a.m.3 views

password leak with netrc and user in URL

...

9.1CVSS6.1AI score0.0061EPSS
Exploits1
NVD
NVD
added 2026/07/03 7:16 a.m.6 views

CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS0.0061EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:15 a.m.12 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.0061EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:15 a.m.10 views

CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS6AI score0.0061EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.3 views

curl: curl: Information disclosure via incorrect .netrc password lookup

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS6AI score0.0061EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:21 p.m.11 views

CVE-2026-45407

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS5.8AI score0.00089EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/26 4:21 p.m.4 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS5.9AI score0.00089EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/24 12:18 p.m.3 views

curl: curl: Information disclosure via incorrect .netrc password lookup

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS6AI score0.0061EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51749

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When configured to use a .netrc file for credentials while simultaneously specifying a URL containing a username but no password e.g., https://[email protected]/, the software may incorrectly...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References27
NVD
NVD
added 2026/05/13 1:1 p.m.12 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS0.00519EPSS
Exploits1References3
OSV
OSV
added 2026/05/13 1:1 p.m.11 views

ALPINE-CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.4AI score0.00519EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:28 a.m.18 views

CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.8AI score0.00519EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/13 8:28 a.m.59 views

CVE-2026-6429 netrc credential leak with reused proxy connection

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

0.00519EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 12:0 a.m.15 views

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 12:0 a.m.18 views

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/04 1:12 p.m.10 views

JLSEC-2026-413 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could...

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

3.4CVSS6.8AI score0.01378EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/04/30 1:37 p.m.7 views

CVE-2026-6429

A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use...

6.5CVSS5.3AI score0.00519EPSS
Exploits1References4
OSV
OSV
added 2026/04/29 2:0 p.m.5 views

UBUNTU-CVE-2026-6429

When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances...

5.3CVSS5.8AI score0.00519EPSS
Exploits1References4
Rows per page
Query Builder