CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 4 days ago•5 views

CVE-2026-46527

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. When a server using cpp-httplib has configured trusted proxies, a remote attacker can send a specially crafted HTTP request with a malformed X-Forwarded-For header. This can lead to undefined behavior, resulting in abnormal process...

8.7CVSS5.8AI score0.00061EPSS

Exploits1References2

RedhatCVE•added 4 days ago•6 views

CVE-2026-45372

A flaw was found in cpp-httplib, a C++ library for handling web requests. A remote attacker could exploit this vulnerability by sending a specially crafted web request. The server incorrectly processes certain encoded characters within the request's header information before checking their...

9.9CVSS5.9AI score0.00056EPSS

Exploits1References2

OSV•added 4 days ago•5 views

UBUNTU-CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

OSV•added 4 days ago•3 views

OPENSUSE-SU-2026:20861-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

8.2CVSS5.8AI score0.00013EPSS

Exploits0References2

OSV•added 4 days ago•1 views

SUSE-SU-2026:21955-1 Security update for python-urllib3

8.2CVSS5.8AI score0.00013EPSS

Exploits0References3

Cvelist•added 4 days ago•25 views

CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

0.00169EPSS

EUVD•added 4 days ago•8 views

EUVD-2026-33578

ATTACKERKB•added 4 days ago•7 views

CVE-2026-42253

5.8AI score0.00169EPSS

Exploits0References2Affected Software2

CVE•added 4 days ago•26 views

CVE-2026-42253

CVE-2026-42253 affects Apache ActiveMQ and Apache ActiveMQ Web. The vulnerability arises in the MessageServlet of the web console API, which copies every JMS message property into HTTP response headers without validation, enabling potential HTTP header injection and cross-site scripting via JMS m...

Exploits0References2Affected Software2

Vulnrichment•added 4 days ago•6 views

CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

5.8AI score0.00169EPSS

Nuclei•added 4 days ago•29 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.4AI score0.92445EPSS

Exploits5References5

RedHat Linux•added 4 days ago•14 views

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

6.5CVSS5.9AI score0.0004EPSS

Exploits0References4

Tenable Nessus•added 4 days ago•7 views

Ubuntu 25.10 / 26.04 LTS : multipart vulnerability (USN-8343-1)

The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8343-1 advisory. It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibl...

7.5CVSS7.3AI score0.00859EPSS

Exploits0References2

CNNVD•added 4 days ago•4 views

9Router Authorization Vulnerability

9Router is an intelligent routing and authorization AI model proxy tool developed by decolua’s individual developers. Versions of 9Router prior to 0.4.0 contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of the Host parameter in the function isAuthenticat...

6.5CVSS6.6AI score0.00042EPSS

Exploits0References8

OSV•added 4 days ago•2 views

PUB-A-481345618

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score

Positive Technologies•added 4 days ago•8 views

PT-2026-45517

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw to header function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS6AI score0.00038EPSS

Positive Technologies•added 4 days ago•7 views

PT-2026-45561

Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...

7CVSS5.8AI score0.00132EPSS

CNNVD•added 4 days ago•4 views

Apache ActiveMQ security vulnerabilities

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the MessageServlet in the web...