CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2026/02/10 12:30 p.m.•18 views

Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.6AI score0.00009EPSS

Exploits0References4Affected Software1

OSV•added 2026/02/10 12:30 p.m.•5 views

GHSA-C4QC-4Q9P-M9Q9 Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

1CVSS5.6AI score0.00009EPSS

OSV•added 2026/02/10 10:15 a.m.•2 views

UBUNTU-CVE-2026-23901

2.5CVSS7.1AI score0.00009EPSS

Exploits0References3

ATTACKERKB•added 2026/02/10 9:25 a.m.•4 views

CVE-2026-23901

1CVSS5.6AI score0.00009EPSS

Exploits0References2

OSV•added 2026/02/10 8:48 a.m.•3 views

BIT-GOLANG-2025-61732 Potential code smuggling via doc comments in cmd/cgo

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.5AI score0.00003EPSS

SUSE CVE•added 2026/02/06 12:34 a.m.•5 views

SUSE CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

9.6CVSS5.3AI score0.00003EPSS

Exploits0References19

OSV•added 2026/02/05 4:15 a.m.•3 views

CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.5AI score

EUVD•added 2026/02/05 3:42 a.m.•3 views

EUVD-2025-206866

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.4AI score0.00003EPSS

Snyk•added 2026/02/05 3:10 a.m.•4 views

HTTP Request Smuggling

Overview std/cmd/cgo is a Go standard library package std/cmd/cgo Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. Remediation...

9.6CVSS5.4AI score0.00003EPSS

Exploits0References3

RedHat Linux•added 2026/01/29 11:28 a.m.•4 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

RedHat Linux•added 2026/01/29 11:17 a.m.•5 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

OSV•added 2026/01/21 10:27 p.m.•4 views

GHSA-95C6-P277-P87G FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

Impact Timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...

3.7CVSS5.6AI score0.00065EPSS

RedHat Linux•added 2026/01/21 5:40 a.m.•4 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

RedHat Linux•added 2026/01/21 5:26 a.m.•4 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

Tenable Nessus•added 2026/01/21 12:0 a.m.•2 views

RHEL 9 : libsoup (RHSA-2026:0906)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0906 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2CVSS5.6AI score0.00024EPSS

Tenable Nessus•added 2026/01/21 12:0 a.m.•1 views

RHEL 8 : libsoup (RHSA-2026:0909)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0909 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2CVSS5.6AI score0.00024EPSS

RedHat Linux•added 2026/01/20 3:37 p.m.•3 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

RedHat Linux•added 2026/01/20 3:33 p.m.•5 views

Exploits0References2

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RedHat Linux•added 2026/01/20 6:18 a.m.•3 views

Exploits0References2

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)