CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

283 matches found

Vulnrichment•added 2026/03/27 12:46 a.m.•3 views

CVE-2026-33745 cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.7AI score0.00262EPSS

Exploits1References1

ATTACKERKB•added 2026/03/27 12:46 a.m.•2 views

CVE-2026-33745

7.4CVSS5.6AI score0.00262EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/27 12:46 a.m.•10 views

CVE-2026-33745

The CVE affects cpp-httplib (a C++11 single-file header-only HTTP/HTTPS library). Before 0.39.0, the HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin redirects (301/302/307/308). A malicious or compromised server can ...

7.4CVSS5.6AI score0.00262EPSS

Exploits1References1Affected Software1

OSV•added 2026/03/27 12:46 a.m.•1 views

CVE-2026-33745 cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect

7.4CVSS5.7AI score0.00262EPSS

Exploits1References3

Debian CVE•added 2026/03/27 12:46 a.m.•5 views

CVE-2026-33745

7.4CVSS5.5AI score0.00262EPSS

Exploits1

CNNVD•added 2026/03/27 12:0 a.m.•4 views

cpp-httplib 信息泄露漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.39.0 contained an information leakage vulnerability. This vulnerability stemmed from the HTTP client forwarding stored credentials when following...

7.4CVSS5.8AI score0.00262EPSS

Exploits1References1

Positive Technologies•added 2026/03/26 12:0 a.m.•3 views

PT-2026-28524

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.39.0 Description The cpp-httplib HTTP client improperly handles cross-origin HTTP redirects 301, 302, 307, 308. Specifically, it forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary...

7.4CVSS6AI score0.00262EPSS

Exploits2References16

Fedora•added 2026/03/21 1:11 a.m.•6 views

[SECURITY] Fedora 42 Update: cpp-httplib-0.37.1-2.fc42

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include the httplib.h file in your code!...

7.5CVSS5.7AI score0.00602EPSS

Exploits4

Tenable Nessus•added 2026/03/21 12:0 a.m.•6 views

Fedora 43 : cpp-httplib (2026-c2049f7220)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c2049f7220 advisory. Update to 0.37.0 rhbz2441656 - Fixes Denial of Service via crafted HTTP POST request CVE-2026-29076, rhbz2445663 Update to 0.35.0 - Payload size lim...

7.5CVSS6AI score0.00602EPSS

Exploits4References5

Tenable Nessus•added 2026/03/21 12:0 a.m.•5 views

Fedora 42 : cpp-httplib (2026-6ed9c65eaf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6ed9c65eaf advisory. Update to 0.37.1 rbhz2445943 - Fixes Denial of Service via malformed Content-Length header CVE-2026-31870 - Reenables 32-bit build Update to 0.37.0...

7.5CVSS6AI score0.00602EPSS

Exploits4References5

Tenable Nessus•added 2026/03/19 12:0 a.m.•4 views

Fedora 44 : cpp-httplib (2026-2c2afa9f9e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2c2afa9f9e advisory. Update to 0.37.1 - Fixes Denial of Service via malformed Content-Length header CVE-2026-31870 - Reenable 32b builds Update to 0.37.0 rhbz2441656 -...

7.5CVSS6AI score0.00602EPSS

Exploits4References5

SUSE CVE•added 2026/03/17 12:24 a.m.•1 views

SUSE CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

8.7CVSS5.6AI score0.00179EPSS

Exploits1References3

Tenable Nessus•added 2026/03/17 12:0 a.m.•11 views

Fedora 45 : cpp-httplib (2026-06d1b46d1e)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-06d1b46d1e advisory. Automatic update for cpp-httplib-0.38.0-1.fc45. Changelog Tue Mar 17 2026 Petr Menk - 0.38.0-1 - Update to 0.38.0 rhbz2447261 Tue Mar 17 2026 Petr Menk -...

8.7CVSS5.9AI score0.00179EPSS

Exploits1References2

OSV•added 2026/03/16 2:19 p.m.•3 views

DEBIAN-CVE-2026-32627

8.1CVSS5.4AI score0.00179EPSS

Exploits1References1

NVD•added 2026/03/16 2:19 p.m.•4 views

CVE-2026-32627

8.7CVSS0.00179EPSS

Exploits1References1

OSV•added 2026/03/15 5:53 a.m.•2 views

OESA-2026-1554 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ excepti...

7.5CVSS5.6AI score0.00602EPSS

Exploits3References4

OSV•added 2026/03/15 5:53 a.m.•2 views

OESA-2026-1553 cpp-httplib security update

7.5CVSS5.6AI score0.00602EPSS

Exploits3References4

Tenable Nessus•added 2026/03/14 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and...

8.7CVSS5.7AI score0.00179EPSS

Exploits1References3