CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

50 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в libsoup2.4

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3CVSS5.8AI score0.00036EPSS

Exploits0References2

Microsoft CVE•added 2026/04/02 8:5 a.m.•2 views

Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

...

8.2CVSS7.1AI score0.00085EPSS

Exploits1

NVD•added 2026/03/26 8:16 p.m.•0 views

CVE-2026-2436

A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soupserverdisconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...

8.2CVSS0.00085EPSS

Exploits1References3

OSV•added 2026/03/26 8:16 p.m.•0 views

UBUNTU-CVE-2026-2436

8.2CVSS7AI score0.00085EPSS

Exploits1References3

Cvelist•added 2026/03/26 7:31 p.m.•22 views

CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

6.5CVSS0.00085EPSS

Exploits1References3

CVE•added 2026/03/26 7:31 p.m.•12 views

CVE-2026-2436

CVE-2026-2436 : A use-after-free in libsoup’s SoupServer can be triggered by a TLS handshake timing issue. Specifically, soup_server_disconnect() may free connection objects prematurely; if the TLS handshake completes after the object is freed, a dangling pointer access can crash the server, caus...

8.2CVSS5.7AI score0.00085EPSS

Exploits1References3Affected Software2

Vulnrichment•added 2026/03/26 7:31 p.m.•3 views

CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake

6.5CVSS5.8AI score0.00085EPSS

Exploits1References3

OSV•added 2026/03/20 2:25 p.m.•1 views

OESA-2026-1684 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was identified in libsoup, a widely used HTTP library in GNOME-based...

5.3CVSS7.1AI score0.00036EPSS

Exploits0References2

OSV•added 2026/03/17 10:16 a.m.•2 views

UBUNTU-CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

5.5CVSS7AI score0.00129EPSS

Exploits1References2

SUSE Linux•added 2026/03/05 7:55 p.m.•5 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

8.8CVSS5.8AI score0.00074EPSS

Exploits1References12

SUSE Linux•added 2026/03/04 9:33 a.m.•2 views

Security update for libsoup

8.8CVSS5.9AI score0.00074EPSS

Exploits1References12

SUSE Linux•added 2026/03/03 3:15 p.m.•1 views

Security update for libsoup

8.8CVSS5.9AI score0.00074EPSS

Exploits1References12

OSV•added 2026/02/28 12:44 p.m.•2 views

OESA-2026-1449 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in SoupServer. This HTTP request smuggling vulnerability occur...

9.1CVSS5.9AI score0.00029EPSS

Exploits0References4