CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2118 matches found

Traefik - Open Redirect

Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...

6.1CVSS5.8AI score0.76842EPSS

Exploits0References5

Nuclei•added 9 hours ago•15 views

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS6.2AI score0.00538EPSS

Exploits2References2

SUSE CVE•added 3 days ago•8 views

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00061EPSS

Exploits1References3

GithubExploit•added 4 days ago•46 views

portswigger-labs

PortSwigger Web Security Academy — Lab Notes Notes from compl...

5.8AI score

Exploits0

RedhatCVE•added 4 days ago•5 views

CVE-2026-46527

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. When a server using cpp-httplib has configured trusted proxies, a remote attacker can send a specially crafted HTTP request with a malformed X-Forwarded-For header. This can lead to undefined behavior, resulting in abnormal process...

8.7CVSS5.8AI score0.00061EPSS

Exploits1References2

NVD•added 5 days ago•9 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS0.0001EPSS

Exploits0References1

Cvelist•added 5 days ago•41 views

CVE-2026-48210 Possible information disclosure via External Interface

5.7CVSS0.0001EPSS

Exploits0References1

Tenable Nessus•added 6 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-46527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a...

8.7CVSS5.7AI score0.00061EPSS

Exploits1References3

Snyk•added last week•5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getclientip process when the server is configured with trusted proxies and receives a specially crafted X-Forwarded-For header that parses to no valid IP segments. An attacker can cause abnormal process...

8.7CVSS5.8AI score0.00061EPSS

Exploits1References2

NVD•added last week•10 views

CVE-2026-46527

8.7CVSS0.00061EPSS

Exploits1References1

OSV•added last week•4 views

DEBIAN-CVE-2026-46527

7.5CVSS5.7AI score0.00061EPSS

Exploits1References1

OSV•added last week•4 views

UBUNTU-CVE-2026-46527

8.7CVSS5.7AI score0.00061EPSS

Exploits1References3

Vulnrichment•added last week•6 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

8.7CVSS5.7AI score0.00061EPSS

Exploits1References1

CVE•added last week•13 views

CVE-2026-46527

cpp-httplib (C++11 header-only library) before 0.44.0 is vulnerable when Server::set_trusted_proxies() is used with a non-empty trusted-proxy list. An attacker can send an HTTP request with an X-Forwarded-For header that parses to no valid IP segments. The code path then calls get_client_ip(), wh...

8.7CVSS5.7AI score0.00061EPSS

Exploits1References1Affected Software1

Cvelist•added last week•32 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

8.7CVSS0.00061EPSS

Exploits1References1

ATTACKERKB•added last week•7 views

CVE-2026-46527

8.7CVSS5.7AI score0.00061EPSS

Exploits1References2Affected Software1

EUVD•added last week•6 views

EUVD-2026-33426

8.7CVSS5.7AI score0.00061EPSS

Exploits1References1

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44991

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set trusted proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no vali...

8.7CVSS5.7AI score0.00061EPSS

Exploits1References2

CNNVD•added 2026/05/29 12:0 a.m.•5 views

cpp-httplib 代码问题漏洞

cpp-httplib is a C++ library developed by Yhirose, designed for HTTP/HTTPS servers and clients. Versions of cpp-httplib prior to 0.44.0 contained code vulnerabilities. These vulnerabilities occurred when the server had a non-empty trusted proxy list; attackers could send HTTP requests with the...

8.7CVSS5.9AI score0.00061EPSS

Exploits1References1

NVD•added 2026/05/28 10:17 p.m.•8 views

CVE-2026-45364

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

7.3CVSS0.00083EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by