CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16521 matches found

OSV•added 2026/03/20 2:24 p.m.•2 views

OESA-2026-1666 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

9.4CVSS5.8AI score0.00065EPSS

Exploits0References4

OSV•added 2026/03/20 2:24 p.m.•5 views

OESA-2026-1665 erlang security update

9.4CVSS5.8AI score0.00065EPSS

Exploits0References4

Fedora•added 2026/03/20 12:18 a.m.•5 views

[SECURITY] Fedora 44 Update: cpp-httplib-0.37.1-2.fc44

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

7.5CVSS5.7AI score0.00116EPSS

Exploits4

IBM Security Bulletins•added 2026/03/19 1:33 p.m.•3 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2025-58056

Summary Netty is used by the IBM Datapower Operations Dashboard in their network implementation Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients...

7.5CVSS5.8AI score0.00097EPSS

Exploits2Affected Software1

OSSF Malicious Packages•added 2026/03/18 12:37 p.m.•5 views

Malicious code in abstract-http-request (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84130e04f5582700fd6841f67e465fb571518a710f3257fae0990653bf08aa92 The package abstract-http-request was found to contain malicious code...

5.8AI score

Exploits0

OSV•added 2026/03/18 12:37 p.m.•3 views

MAL-2026-1646 Malicious code in abstract-http-request (npm)

5.8AI score

Exploits0

OSV•added 2026/03/18 10:1 a.m.•1 views

SUSE-SU-2026:20902-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS6AI score0.00605EPSS

Exploits2References19

OSV•added 2026/03/18 10:1 a.m.•2 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

9.1CVSS7AI score0.00605EPSS

Exploits2References18

Vulnrichment•added 2026/03/18 12:30 a.m.•3 views

CVE-2026-29057 Next.js: HTTP request smuggling in rewrites

Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...

6.3CVSS5.9AI score0.00031EPSS

Exploits0References4

EUVD•added 2026/03/17 4:17 p.m.•2 views

EUVD-2026-12704

Next.js: HTTP request smuggling in rewrites...

6.3CVSS5.8AI score0.00031EPSS

Exploits0References4

RedHat Linux•added 2026/03/17 4:1 a.m.•1 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS7.1AI score0.00045EPSS

Exploits0References8

SUSE CVE•added 2026/03/16 5:32 p.m.•0 views

SUSE CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

4.8CVSS5.8AI score0.00032EPSS

Exploits0References6

EUVD•added 2026/03/16 3:30 p.m.•4 views

EUVD-2026-12214

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

10CVSS7.1AI score0.0022EPSS

Exploits0References5

Tenable Nessus•added 2026/03/15 12:0 a.m.•6 views

openSUSE 16 Security Update : libsoup2 (openSUSE-SU-2026:20354-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20354-1 advisory. - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes...

9.1CVSS7.4AI score0.00605EPSS

Exploits3References33

Tenable Nessus•added 2026/03/15 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-23941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This...

9.4CVSS7.1AI score0.00032EPSS

Exploits0References2

EUVD•added 2026/03/13 9:31 p.m.•3 views

EUVD-2026-11713

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

7.5CVSS5.8AI score0.00343EPSS

Exploits0References3

OSV•added 2026/03/13 7:54 p.m.•3 views

DEBIAN-CVE-2026-23941

9.4CVSS7.3AI score0.00032EPSS

Exploits0References1