CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1025 matches found

SUSE CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.0008EPSS

Exploits1References3

SUSE CVE•added 2 days ago•7 views

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00046EPSS

Exploits1References3

ATTACKERKB•added 3 days ago•6 views

CVE-2026-10298

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whispermodelload of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and...

4.8CVSS5.4AI score0.00013EPSS

Exploits0References6Affected Software1

Vulnrichment•added 3 days ago•6 views

CVE-2026-0100

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2AI score0.00005EPSS

Exploits0References1

RedhatCVE•added 3 days ago•5 views

CVE-2026-45372

A flaw was found in cpp-httplib, a C++ library for handling web requests. A remote attacker could exploit this vulnerability by sending a specially crafted web request. The server incorrectly processes certain encoded characters within the request's header information before checking their...

9.9CVSS5.9AI score0.00043EPSS

Exploits1References2

Positive Technologies•added 3 days ago•10 views

PT-2026-45276

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

5.3CVSS5.6AI score0.00013EPSS

Exploits0References8

Tenable Nessus•added 5 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-45352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes...

7.5CVSS5.7AI score0.0008EPSS

Exploits1References3

Tenable Nessus•added 5 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-46527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a...

8.7CVSS5.7AI score0.00046EPSS

Exploits1References3

Snyk•added 6 days ago•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper validation of the chunk-size field in chunked Transfer-Encoding within the ChunkedDecoder::readpayload function. An attacker can cause unbounded memory allocation and...

7.5CVSS5.8AI score0.0008EPSS

Exploits1References2

Snyk•added 6 days ago•3 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the parseheader process. An attacker can inject arbitrary carriage return and line feed characters into HTTP headers by sending specially crafted percent-encoded values, potentially leading to response splitting or...

9.9CVSS5.9AI score0.00043EPSS

Exploits1References2

NVD•added 6 days ago•7 views

CVE-2026-46527

8.7CVSS0.00046EPSS

Exploits1References1

OSV•added 6 days ago•3 views

DEBIAN-CVE-2026-46527

7.5CVSS5.7AI score0.00046EPSS

Exploits1References1

NVD•added 6 days ago•6 views

CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...

9.9CVSS0.00043EPSS

Exploits1References1

NVD•added 6 days ago•7 views

CVE-2026-45352

7.5CVSS0.0008EPSS

Exploits1References1

OSV•added 6 days ago•5 views

DEBIAN-CVE-2026-45352

7.5CVSS5.7AI score0.0008EPSS

Exploits1References1

OSV•added 6 days ago•3 views

UBUNTU-CVE-2026-45372

9.9CVSS5.6AI score0.00043EPSS

Exploits1References3

CVE•added 6 days ago•14 views

CVE-2026-45372

In cpp-httplib, prior to version 0.44.0, the server-side header parsing in parse_header applies percent-decoding to header values (except Location and Referer) after validating the pre-decoded string. The validity check (is_field_value) runs before decoding, allowing an encoded %0D%0A to bypass c...

9.9CVSS5.6AI score0.00043EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 6 days ago•6 views

CVE-2026-45372

9.9CVSS5.6AI score0.00043EPSS

Exploits1References2Affected Software1