CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•13 views

CVE-2026-54387

CVE-2026-54387 affects Tinyproxy up to version 1.11.3. It fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to consume the request body. This desynchronizes frontend/backend parsers and can enab...

9.3CVSS5.6AI score0.00385EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-37789

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.5AI score0.00385EPSS

Cvelist•added 4 days ago•14 views

CVE-2026-54387 Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization

9.3CVSS0.00385EPSS

Debian CVE•added 4 days ago•5 views

CVE-2026-54387

9.3CVSS5.6AI score0.00385EPSS

Exploits0

Vulnrichment•added 4 days ago•6 views

CVE-2026-54387 Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization

9.3CVSS6AI score0.00385EPSS

NVD•added 4 days ago•7 views

CVE-2026-55197

Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET...

7.1CVSS0.00272EPSS

NVD•added 4 days ago•9 views

CVE-2026-55198

Hermes WebUI before 0.51.443 contains an authorization bypass vulnerability in the session export endpoint that allows authenticated users to access sessions from other profiles. The handlesessionexport handler in api/routes.py fails to verify active-profile ownership before serializing session...

7.1CVSS0.00272EPSS

NVD•added 4 days ago•6 views

CVE-2026-55196

Hermes WebUI before 0.51.409 contains an authentication bypass vulnerability in passkey registration endpoints that allows unauthenticated remote attackers to register arbitrary passkeys. When HERMESWEBUIPASSKEY=1 is enabled with no existing credentials, POST /api/auth/passkey/register/options an...

9.1CVSS0.00579EPSS

NVD•added 4 days ago•8 views

CVE-2026-53871

Hermes WebUI before 0.51.368 contains an authorization bypass vulnerability in the getprofilecookie function that accepts unauthenticated profile names from the hermesprofile cookie. An authenticated attacker can forge the hermesprofile cookie value to bypass profile-scoped authorization checks a...

8.6CVSS0.00365EPSS

NVD•added 4 days ago•8 views

CVE-2026-53869

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling...

8.7CVSS0.006EPSS

NVD•added 4 days ago•7 views

CVE-2026-53870

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS0.00108EPSS

NVD•added 4 days ago•8 views

CVE-2026-48818

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS0.00482EPSS

Debian CVE•added 4 days ago•3 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.4AI score0.00335EPSS

Exploits0

Cvelist•added 4 days ago•16 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

8.8CVSS0.00335EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-37786

8.8CVSS5.3AI score0.00335EPSS

CVE•added 4 days ago•9 views

CVE-2026-55202

Tinyproxy (up to version 1.11.3) contains a vulnerability in stathost detection where the Host header is not properly validated. This allows unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation, potentially misrouting req...

8.8CVSS5.4AI score0.00335EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-37785

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS5.4AI score0.00304EPSS

CVE•added 4 days ago•9 views

CVE-2026-55201

CVE-2026-55201 affects Evil-WinRM (up to version 3.9). A path traversal in download_dir() can cause the server to generate filenames with traversal sequences from Get-ChildItem output, which are passed unsanitized to File.join(), enabling writes outside the intended download directory. Attackers ...

7.4CVSS5.5AI score0.00304EPSS

Cvelist•added 4 days ago•16 views

CVE-2026-55201 Evil-WinRM - Path Traversal in download_dir() Function

7.4CVSS0.00304EPSS