CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/22 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow...

6.5CVSS5.4AI score0.0001EPSS

Exploits1References3

SUSE CVE•added 2026/05/21 2:29 a.m.•9 views

SUSE CVE-2026-33637

OSV•added 2026/05/19 7:16 p.m.•2 views

Exploits1References3

DEBIAN-CVE-2026-33637

NVD•added 2026/05/19 7:16 p.m.•11 views

CVE-2026-33637

6.5CVSS0.0001EPSS

OSV•added 2026/05/19 7:16 p.m.•4 views

UBUNTU-CVE-2026-33637

UbuntuCve•added 2026/05/19 7:16 p.m.•4 views

Exploits1References4

CVE-2026-33637

ATTACKERKB•added 2026/05/19 5:44 p.m.•6 views

Exploits1References3

CVE-2026-33637

Exploits1References3Affected Software1

Cvelist•added 2026/05/19 5:44 p.m.•28 views

CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)

0.0001EPSS

EUVD•added 2026/05/19 5:44 p.m.•10 views

EUVD-2026-30966

CVE•added 2026/05/19 5:44 p.m.•8 views

CVE-2026-33637

Faraday (HTTP client library) vulnerability CVE-2026-33637 affects versions 2.0.0–2.14.1, where protocol-relative host override is still possible when the request target is passed as a URI object to Faraday::Connection#build_exclusive_url. This can enable off-host request forgery by redirecting a...

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/19 5:44 p.m.•5 views

CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)

Debian CVE•added 2026/05/19 5:44 p.m.•7 views

CVE-2026-33637

CNNVD•added 2026/05/19 12:0 a.m.•5 views

Exploits1

faraday 代码问题漏洞

Faraday is an open-source HTTP client library developed by LostIsland. There are code vulnerabilities in the Faraday version 2.0.0 to 2.14.1. These vulnerabilities stem from the fact that requests passed as URI objects still allow protocol-related host overrides, leading to request forgery attack...

6.5CVSS5.9AI score0.0001EPSS

Github Security Blog•added 2026/05/18 2:51 p.m.•16 views

Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2: protocol-relative URI objects still bypass host scoping

Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...

6.5CVSS6AI score0.0001EPSS

Exploits1References5Affected Software1

Snyk•added 2026/05/18 2:51 p.m.•6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the buildexclusiveurl function. An attacker can redirect requests to an attacker-controlled host while preserving sensitive connection-scoped headers such as Authorization by supplying a...

6.9CVSS5.8AI score0.00022EPSS

Circl•added 2026/05/18 12:45 p.m.•7 views

CVE-2026-33637

creationtimestamp| type| source ---|---|--- 2026-05-18 12:45:09+00:00| published-proof-of-concept| https://github.com/lostisland/faraday/security/advisories/GHSA-5rv5-xj5j-3484...

6.5CVSS5.8AI score0.0001EPSS