Lucene search
+L

2257 matches found

SUSE CVE
SUSE CVE
added 2026/06/02 1:37 a.m.29 views

SUSE CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/06/01 2:24 p.m.88 views

portswigger-labs

PortSwigger Web Security Academy — Lab Notes Notes from compl...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/01 1:19 p.m.13 views

CVE-2026-46527

A flaw was found in cpp-httplib, a C++ HTTP/HTTPS library. When a server using cpp-httplib has configured trusted proxies, a remote attacker can send a specially crafted HTTP request with a malformed X-Forwarded-For header. This can lead to undefined behavior, resulting in abnormal process...

8.7CVSS5.8AI score0.00327EPSS
Exploits1References2
NVD
NVD
added 2026/05/31 10:16 p.m.16 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/31 9:11 p.m.49 views

CVE-2026-48210 Possible information disclosure via External Interface

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS0.00248EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a...

8.7CVSS5.4AI score0.00327EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/29 9:14 p.m.12 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getclientip process when the server is configured with trusted proxies and receives a specially crafted X-Forwarded-For header that parses to no valid IP segments. An attacker can cause abnormal process...

8.7CVSS5.8AI score0.00327EPSS
Exploits1References2
NVD
NVD
added 2026/05/29 8:16 p.m.21 views

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 8:16 p.m.9 views

DEBIAN-CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 8:16 p.m.24 views

UBUNTU-CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00327EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/29 7:18 p.m.12 views

EUVD-2026-33426

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00327EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/29 7:18 p.m.40 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS0.00327EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:18 p.m.11 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00327EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:18 p.m.10 views

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS5.7AI score0.00327EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/29 7:18 p.m.31 views

CVE-2026-46527

cpp-httplib (C++11 header-only library) before 0.44.0 is vulnerable when Server::set_trusted_proxies() is used with a non-empty trusted-proxy list. An attacker can send an HTTP request with an X-Forwarded-For header that parses to no valid IP segments. The code path then calls get_client_ip(), wh...

8.7CVSS5.7AI score0.00327EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/29 7:18 p.m.1 views

CVE-2026-46527 cpp-httplib: Malicious `X-Forwarded-For` Under Trusted-Proxy Configuration Triggers Empty `vector::front()`, Leading to Undefined Behavior and Server Crash

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

8.7CVSS7.1AI score0.00327EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44991

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0 Description A denial of service occurs when the server uses the set trusted proxies function with a non-empty trusted-proxy list. An attacker can send an HTTP request containing an X-Forwarded-For header wi...

8.7CVSS5.2AI score0.00327EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

cpp-httplib 代码问题漏洞

cpp-httplib is a C++ library developed by Yhirose, designed for HTTP/HTTPS servers and clients. Versions of cpp-httplib prior to 0.44.0 contained code vulnerabilities. These vulnerabilities occurred when the server had a non-empty trusted proxy list; attackers could send HTTP requests with the...

8.7CVSS5.9AI score0.00327EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 10:17 p.m.16 views

CVE-2026-45364

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

7.3CVSS0.00295EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Better Auth 安全漏洞

Better Auth is an open-source TypeScript framework for authentication. Versions of Better Auth prior to 1.4.17 and 1.5.0-beta.9 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP rate limiter, which keyed each request based on the exact text IP address in the...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References5
Rows per page
Query Builder