Lucene search
+L

33 matches found

cve
cve
added 2026/04/01 8:28 p.m.36 views

CVE-2026-34525

AIOHTTP (async HTTP client/server for asyncio and Python) before version 3.13.4 allowed multiple Host headers due to its header handling. This issue has been fixed in version 3.13.4. Affected component: Host header processing in aiohttp prior to 3.13.4. Remediation: upgrade to 3.13.4 or later. Ex...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/04/01 8:28 p.m.2 views

CVE-2026-34525 AIOHTTP: Duplicate Host header accepted

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.9AI score0.00288EPSS
Exploits0References6
osv
osv
added 2026/03/18 10:1 a.m.4 views

OPENSUSE-SU-2026:20384-1 Security update for libsoup

This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...

9.1CVSS7AI score0.00821EPSS
Exploits2References18
osv
osv
added 2026/03/13 8:41 a.m.3 views

OPENSUSE-SU-2026:20354-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049: Denial of Service attack to websocket server...

9.1CVSS8.1AI score0.00821EPSS
Exploits3References22
osv
osv
added 2026/02/06 3:57 p.m.6 views

OESA-2026-1326 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

8.6CVSS6.7AI score0.00557EPSS
Exploits0References3
osv
osv
added 2026/02/06 3:57 p.m.10 views

OESA-2026-1324 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

8.6CVSS6.7AI score0.00557EPSS
Exploits0References3
osv
osv
added 2026/01/30 10:7 p.m.4 views

RLSA-2026:1509 Important: spice-client-win security update

Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.2CVSS5.9AI score0.00505EPSS
Exploits0References2
redhat
redhat
added 2026/01/29 11:17 a.m.12 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
nessus
nessus
added 2026/01/29 12:0 a.m.3 views

RHEL 8 : spice-client-win (RHSA-2026:1569)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1569 advisory. Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy Firs...

8.2CVSS6AI score0.00505EPSS
Exploits0References4
suse
suse
added 2026/01/22 4:10 p.m.4 views

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

9.2CVSS5.5AI score0.00557EPSS
Exploits0References8
osv
osv
added 2026/01/22 12:8 p.m.4 views

SUSE-SU-2026:0211-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418 - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...

8.6CVSS5.8AI score0.00557EPSS
Exploits0References7
nessus
nessus
added 2026/01/22 12:0 a.m.3 views

RHEL 7 : libsoup (RHSA-2026:0925)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0925 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2CVSS5.6AI score0.00505EPSS
Exploits0References4
redhat
redhat
added 2026/01/21 12:55 p.m.5 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
redhat
redhat
added 2026/01/21 6:39 a.m.6 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References2
redhat
redhat
added 2026/01/21 6:39 a.m.3 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
redhat
redhat
added 2026/01/21 5:26 a.m.10 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
redhat
redhat
added 2026/01/21 5:17 a.m.28 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
nessus
nessus
added 2026/01/21 12:0 a.m.5 views

RHEL 8 : libsoup (RHSA-2026:0905)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0905 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2CVSS5.6AI score0.00505EPSS
Exploits0References4
nessus
nessus
added 2026/01/21 12:0 a.m.4 views

RHEL 9 : libsoup (RHSA-2026:0908)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0908 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2CVSS5.6AI score0.00505EPSS
Exploits0References4
nessus
nessus
added 2026/01/21 12:0 a.m.3 views

RHEL 8 : libsoup (RHSA-2026:0909)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0909 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2CVSS5.6AI score0.00505EPSS
Exploits0References4
Rows per page
Query Builder