CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/01/28 4:16 p.m.•1 views

UBUNTU-CVE-2026-1536

5.8CVSS6.1AI score0.00133EPSS

Exploits1References4

Cvelist•added 2026/01/28 3:15 p.m.•30 views

CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

5.8CVSS0.00133EPSS

CVE•added 2026/01/28 3:15 p.m.•16 views

CVE-2026-1536

CVE-2026-1536 refers to a flaw in the libsoup HTTP library where an attacker able to control the Content-Disposition header input can inject CRLF sequences. This results in arbitrary HTTP header injection or HTTP response splitting without authentication. The connected IBM ACE bulletin documents ...

Exploits1References3Affected Software2

ATTACKERKB•added 2026/01/28 3:15 p.m.•2 views

CVE-2026-1536

EUVD•added 2026/01/28 3:15 p.m.•2 views

EUVD-2026-4887

Vulnrichment•added 2026/01/28 3:15 p.m.•2 views

CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

RedhatCVE•added 2026/01/28 3:15 p.m.•2 views

CVE-2026-1536

Snyk•added 2026/01/28 12:0 a.m.•2 views

Exploits1References4

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the soupmessageheaderssetcontentdisposition function. An attacker can inject arbitrary HTTP headers by supplying specially crafted input containing CRLF sequences to the Content-Disposition header. Remediation A fix w...

8.6CVSS6.2AI score0.00133EPSS

CNNVD•added 2026/01/28 12:0 a.m.•1 views

LibSoup injection vulnerability

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a vulnerability due to improper control of the Content-Disposition header, which may lead to HTTP header injection or HTTP response splitting...

5.8CVSS6AI score0.00133EPSS

RedhatCVE•added 2026/01/22 10:8 p.m.•4 views

CVE-2026-23499

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

Snyk•added 2026/01/21 10:46 p.m.•7 views

Exploits1References1

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload arbitrary files. An attacker can execute arbitrary scripts in the context of another user's browser by uploading malicious HTML or SVG files that are then rendered from the same domain as the...

8.5CVSS6AI score0.00061EPSS

NVD•added 2026/01/21 10:15 p.m.•3 views

CVE-2026-23499

8.5CVSS0.00061EPSS

Cvelist•added 2026/01/21 9:36 p.m.•15 views

CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload

8.5CVSS0.00061EPSS

CVE•added 2026/01/21 9:36 p.m.•7 views

CVE-2026-23499

CVE-2026-23499 affects Saleor prior to fixes: versions 3.20.108, 3.21.43, and 3.22.27 contain a file-upload vulnerability allowing authenticated staff or Apps to upload arbitrary HTML/SVG files. If media is served from the same domain as the dashboard and Content-Disposition: attachment header is...

Exploits1References7Affected Software1

EUVD•added 2026/01/21 9:36 p.m.•2 views

EUVD-2026-3775

Vulnrichment•added 2026/01/21 9:36 p.m.•2 views

CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload

ATTACKERKB•added 2026/01/21 9:36 p.m.•1 views

CVE-2026-23499

8.5CVSS5.7AI score0.00061EPSS

Exploits1References8Affected Software1

RedHat Linux•added 2026/01/21 3:59 p.m.•3 views

tornado: Tornado Quadratic DoS via Crafted Multipart Parameters

A denial of service flaw has been discovered in the Tornado networking library. Affected versions of Tornado us an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The parseparam function in httputil.py is used to parse specific HTTP header values,...

7.5CVSS5.8AI score0.00036EPSS

Exploits0References7

Positive Technologies•added 2026/01/21 12:0 a.m.•2 views

PT-2026-3867