Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

306 matches found

AstraLinux
AstraLinuxadded 6 days ago2 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read data beyond its intended range...

7.4CVSS7.1AI score0.00637EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 6 days ago4 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.2AI score0.00694EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/06/06 12:0 a.m.9 views

RHEL 9 : libsoup (RHSA-2026:22317)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22317 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.7 views

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from an error in the unsigned-to-signed conversion in the soupbodyinputstreamreadchunked function. This vulnerability could allow remote attackers to bypass security controls by sending...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2026/05/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-6324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...

4.8CVSS5.8AI score0.00872EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/26 12:0 a.m.10 views

TencentOS Server 3: libsoup (TSSA-2026:0368)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/05/25 12:0 a.m.14 views

Alibaba Cloud Linux 3 : 0124: libsoup (ALINUX3-SA-2026:0124)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0124 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-5119: A flaw was found in libsoup. When...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/05/19 12:0 a.m.8 views

RHEL 9 : libsoup (RHSA-2026:19356)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2CVSS5.9AI score0.00254EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2026/05/11 9:39 p.m.28 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.7 views

MiracleLinux 8 : libsoup-2.62.3-14.el8_10 (AXSA:2026-596:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-596:09 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/05/08 12:0 a.m.7 views

MiracleLinux 9 : libsoup-2.72.0-12.el9_7.6 (AXSA:2026-573:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-573:08 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/05/08 12:0 a.m.5 views

AlmaLinux 8 : libsoup (ALSA-2026:14087)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:14087 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the preceding...

8.2CVSS5.8AI score0.00254EPSS
Exploits1References3
RedHat Linux
RedHat Linuxadded 2026/05/06 1:0 p.m.60 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS
Exploits1References5
NVD
NVDadded 2026/04/23 10:16 p.m.3 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3CVSS0.00321EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletinsadded 2026/04/23 11:3 a.m.9 views

Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance

Summary The libsoup package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-14523 Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...

8.2CVSS5.8AI score0.00496EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/04/23 12:0 a.m.1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014298)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014298 advisory. A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured a...

5.8CVSS5.7AI score0.00312EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2026/04/23 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014280)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014280 advisory. A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length...

8.6CVSS7.5AI score0.00947EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2026/04/21 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-5119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the...

8.2CVSS5.5AI score0.00254EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References4
CVE
CVEadded 2026/03/30 5:35 a.m.126 views

CVE-2026-5119

CVE-2026-5119 concerns libsoup. The flaw: when establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext inside the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, enabling ...

8.2CVSS5.9AI score0.00254EPSS
Exploits1References17Affected Software2
Rows per page
Query Builder