CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/12 8:58 a.m.•8 views

CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

5.4AI score0.00503EPSS

Exploits0References1

EUVD•added 2026/06/12 8:58 a.m.•6 views

EUVD-2026-36398

6.5CVSS5.4AI score0.00503EPSS

Exploits0References1

Positive Technologies•added 2026/06/12 12:0 a.m.•9 views

PT-2026-48849

5.4AI score0.00503EPSS

Exploits0References3

EUVD•added 2026/01/29 9:2 p.m.•4 views

EUVD-2026-4945

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

6.5CVSS5.9AI score0.00336EPSS

Hacker One•added 2025/12/20 11:55 a.m.•14 views

curl: Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes

Summary A recent migration of the Digest authentication parsing logic to the curlxstr strparse API introduced two functional parsing regressions in lib/vauth/digest.c. 1. Optional Whitespace OWS Handling The current implementation fails to skip optional whitespace after comma delimiters in...

7.2AI score

Exploits0

Tenable Nessus•added 2025/10/28 12:0 a.m.•7 views

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2025-1233)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1233 advisory. A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing ...

6.5CVSS6AI score0.00723EPSS

Exploits1References6

Amazon•added 2025/10/27 12:0 a.m.•4 views

Medium: libsoup3

Issue Overview: A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing th...

6.5CVSS6.7AI score0.00723EPSS

Exploits1

Tenable Nessus•added 2025/10/07 12:0 a.m.•1 views

Unity Linux 20.1070e Security Update: libsoup (UTSA-2025-984675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984675 advisory. A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorize...

4.3CVSS5.8AI score0.00309EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-2732

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.02083EPSS

Exploits0References16

Tenable Nessus•added 2025/09/16 12:0 a.m.•1 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2025-2146)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receiv...

Tenable Nessus•added 2025/09/16 12:0 a.m.•2 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2025-2136)

OSV•added 2025/09/12 2:26 p.m.•2 views

OESA-2025-2279 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A denial-of-service vulnerability has been identified in the libso...

4.3CVSS6.9AI score0.00309EPSS

Tenable Nessus•added 2025/09/10 12:0 a.m.•5 views

EulerOS 2.0 SP12 : libsoup (EulerOS-SA-2025-2046)

Tenable Nessus•added 2025/09/10 12:0 a.m.•3 views

EulerOS 2.0 SP12 : libsoup (EulerOS-SA-2025-2015)

OSV•added 2025/08/22 11:36 a.m.•4 views

OESA-2025-2068 restic security update

restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...

6.8CVSS6.9AI score0.0056EPSS

OSV•added 2025/08/22 11:36 a.m.•4 views

OESA-2025-2067 restic security update

6.8CVSS6.9AI score0.0056EPSS