CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 50 minutes ago•6 views

Exploit for CVE-2026-49975

CVE-2026-49975 — HTTP/2 Bomb PoC !CVEhttps://img.shields...

RedhatCVE•added 2 hours ago•0 views

Exploits1

CVE-2026-47323

A flaw was found in Apache Camel. An unauthenticated attacker could inject Camel-internal headers via HTTP requests to CXF-RS or CXF-SOAP endpoints due to missing inbound filtering in the HeaderFilterStrategy implementations. This allows the attacker to override configured values when messages ar...

9.8CVSS0.00085EPSS

Exploits0References4

NVD•added 3 hours ago•3 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8CVSS

6.4CVSS6.1AI score0.00055EPSS

SUSE CVE-2026-34993

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

Exploits0References3

7.5CVSS5.8AI score0.00023EPSS

SUSE CVE-2026-42039

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

Exploits1References3

10CVSS5.8AI score0.0002EPSS

SUSE CVE-2026-42043

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range other than 127.0.0.1 to completely bypass the NOPROXY protection. This vulnerability is due t...

Exploits1References3

SUSE CVE•added 4 hours ago•1 views

SUSE CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References3

2.3CVSS5.8AI score0.00083EPSS

SUSE CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

Exploits0References3

CVE•added 5 hours ago•6 views

CVE-2026-41859

CVE-2026-41859 describes a man-in-the-middle between nats-sync and the BOSH director that can steal director credentials (Basic auth header or UAA client secret) and tamper with the VM list written into the NATS authorization file. Stolen credentials grant administrative director access. The issu...

7.8CVSS5.8AI score

ATTACKERKB•added 5 hours ago•2 views

CVE-2026-41859

7.8CVSS5.8AI score

Exploits0References2

EUVD•added 5 hours ago•3 views

EUVD-2026-34193

7.8CVSS5.8AI score

Cvelist•added 5 hours ago•4 views

CVE-2026-41859

7.8CVSS

Fedora•added 5 hours ago•2 views

[SECURITY] Fedora 43 Update: libsoup3-3.6.6-3.fc43

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2CVSS5.8AI score0.00014EPSS

Exploits1

6.6CVSS6.9AI score0.00171EPSS

[slackware-security] net-tools

New net-tools packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-tools-201811030eebece-i586-4slack15.0.txz: Rebuilt. This update fixes a security issue: interface.c: Stack-based Buffer Overfl...

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.16.2-i586-3slack15.0.txz: Rebuilt. Patched with fixes for the following xorg-server security issues: Font Alias Stack-based...

[slackware-security] xorg-server

New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-20slack15.0.txz: Rebuilt. This update fixes security issues: Font Alias Stack-based Buffer Overflow. XSY...

8.1CVSS6.1AI score0.05501EPSS

[slackware-security] proftpd

New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/proftpd-1.3.9b-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Additional fixes for SQL injection, notably for...

Exploits6

Slackware Linux•added 6 hours ago•2 views

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.67-i586-2slack15.0.txz: Rebuilt. This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service attack against...