CVE-2025-46421 – Apache Libsoup HTTP Authorization Header Exposure Vulnerability

April 24, 2025

CVE ID : CVE-2025-46421

Published : April 24, 2025, 1:15 p.m. | 1 hour, 44 minutes ago

Description : A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-30408 – Acronis Cyber Protect Cloud Agent Windows Privilege Escalation

Next Article CVE-2025-46420 – Libsoup Memory Leak Vulnerability

Highlights

CVE-2025-43200 – Apple WatchOS/IOS/MacOS/iPadOS/VisionOS Photo/Video Processing Logic Vulnerability

June 16, 2025

CVE ID : CVE-2025-43200

Published : June 16, 2025, 10:16 p.m. | 2 hours, 32 minutes ago

Description : This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-46421 – Apache Libsoup HTTP Authorization Header Exposure Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

CVE-2025-48289 – AncoraThemes Kids Planet Deserialization of Untrusted Data Object Injection Vulnerability

Tags – GNOME text tagger

We are truly in the Hackathon Era – Namanh Kapur interview [Podcast #180]

These OnePlus flagship earbuds were already a great deal, but now they’re $40 off

CVE-2025-43200 – Apple WatchOS/IOS/MacOS/iPadOS/VisionOS Photo/Video Processing Logic Vulnerability

Silent Hill 2 remake developer’s new game Cronos: The New Dawn gets gameplay trailer

CVE-2025-48286 – ReDi Restaurant Reservation Cross-site Scripting

CVE-2025-53617 – Apache HTTP Server Request Smuggling

CVE-2025-46421 – Apache Libsoup HTTP Authorization Header Exposure Vulnerability

Related Posts