923 matches found
CVE-2026-29076
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
CVE-2026-27810
A flaw was found in calibre, an e-book manager. An authenticated user can exploit an HTTP Response Header Injection vulnerability in the calibre Content Server. This is due to an unsanitized contentdisposition query parameter in specific endpoints, allowing the injection of arbitrary HTTP headers...
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
DEBIAN-CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
UBUNTU-CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810 calibre Vulnerable to HTTP Response Header Injection
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810
The CVE concerns calibre, specifically the Content Server prior to version 9.4.0. A vulnerability in the Content Server allows an authenticated user to inject arbitrary HTTP headers into server responses via an unsanitized content_disposition query parameter in the /get/ and /data-files/get/ endp...
CVE-2026-27810 calibre Vulnerable to HTTP Response Header Injection
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
Calibre 注入漏洞
Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.4.0, there was a injection vulnerability. This vulnerability stemmed from an HTTP response header...
SUSE-SU-2026:20445-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer...
openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20186-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20186-1 advisory. - CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header bsc1257440. - CVE-2026-1761:...
Security update for libsoup (important)
openSUSE security update: security update for libsoup ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20186-1 Rating: important References: bsc1257440 bsc1257598 Cross-References: CVE-2026-1536 CVE-2026-1761 CVSS scores: CVE-2026-1536 SUSE : 8.6...
tornado: Tornado Quadratic DoS via Crafted Multipart Parameters
A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...