CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•23 views

CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

8.2CVSS0.00042EPSS

CVE•added 2 days ago•7 views

CVE-2026-48594

The CVE-2026-48594 issue affects elixir-tesla/tesla: when Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is used, HTTP responses are decompressed eagerly without a size cap. The decompress_body/2 path passes the full body to :zlib.gunzip/1 or :zlib.unzip/1, and compression_al...

8.2CVSS5.8AI score0.00042EPSS

ATTACKERKB•added 2 days ago•4 views

CVE-2026-48594

8.2CVSS5.8AI score0.00042EPSS

Exploits0References5Affected Software1

EUVD•added 2 days ago•5 views

EUVD-2026-34012

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00014EPSS

RedHat Linux•added 2 days ago•6 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.6AI score0.00028EPSS

Exploits1References8

SUSE CVE•added 2 days ago•7 views

SUSE CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.0008EPSS

Exploits1References3

NVD•added 3 days ago•10 views

CVE-2026-42674

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS0.00039EPSS

Cvelist•added 3 days ago•21 views

CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

7.5CVSS0.00039EPSS

EUVD•added 3 days ago•5 views

EUVD-2026-33689

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

Vulnrichment•added 3 days ago•5 views

CVE-2026-42674 WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...

CVE•added 3 days ago•9 views

CVE-2026-42674

The CVE concerns the WordPress plugin Advanced Access Manager (AAM)

RedhatCVE•added 3 days ago•5 views

CVE-2026-45352

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request that includes a negative chunk-size in the chunked Transfer-Encoding. This incorrect parsing leads to unbounded memory allocation, causing the...

7.5CVSS5.8AI score0.0008EPSS

Exploits1References2

Nuclei•added 3 days ago•37 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.3AI score0.92931EPSS

Exploits4References5

CVE•added 3 days ago•5 views

CVE-2026-37229

CVE-2026-37229 affects FlexRIC v2.0.0. A reachable assertion in e2ap_create_pdu() is triggered when ASN.1 PER decoding fails, allowing a remote unauthenticated attacker to send a non-PER byte sequence (e.g., 0x00) over SCTP to the near-RT RIC at port 36421 or iApp at port 36422 to crash the proce...

7.5CVSS5.8AI score0.0006EPSS

Exploits1References2Affected Software1

Positive Technologies•added 3 days ago•8 views

PT-2026-45461

Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0...