
266 matches found

CloudLinux
added 2026/05/14 7:23 p.m., 15 views

python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.__init__ via a new _validate_host helper to prevent CRLF header injection the glibc...

CVSS 6.1 | AI score 6.9 | EPSS 0.05372
Exploits: 1
Github Security Blog
added 2026/05/11 2:51 p.m., 9 views

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

Impact: When following cross-origin redirects for requests made using urllib3’s high-level APIs, such as urllib3.request, PoolManager.request, and ProxyManager.request, sensitive headers — Authorization, Cookie, and Proxy-Authorization defined in Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT — are stripped...

CVSS 8.2 | AI score 5.8 | EPSS 0.00483
Exploits: 0 | References: 3 | Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Python 2.7, Pypy

In Python 3.x versions prior to 3.5.10, 3.6.x versions prior to 3.6.12, 3.7.x versions prior to 3.7.9, and 3.8.x versions prior to 3.8.5, CRLF injection is allowed if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

CVSS 7.2 | AI score 7.1 | EPSS 0.0642
Exploits: 1 | References: 2
EUVD
added 2026/03/10 7:14 p.m., 3 views

EUVD-2026-10804

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" (UAF) or state-corruption window where...

CVSS 5.9 | AI score 5.8 | EPSS 0.00337
Exploits: 1 | References: 1
CNNVD
added 2026/03/10 12:0 a.m., 4 views

Envoy resource management error vulnerability

Envoy is an open-source gateway program developed by Enphase for connecting smart home devices. Versions of Envoy prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a resource management vulnerability. This vulnerability stems from logical flaws in the HTTP connection manager, which may lead to...

CVSS 5.9 | AI score 5.8 | EPSS 0.00337
Exploits: 1 | References: 1
Snyk
added 2026/03/05 9:13 p.m., 4 views

Improper Handling of Case Sensitivity

Overview: Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the processing of HTTP/1.1 requests when handling the Connection header with X-Forwarded headers. An attacker can cause the removal of forwarded identity headers by sending requests with lowercas...

CVSS 9.8 | AI score 7.3 | EPSS 0.015
Exploits: 0 | References: 2
CVE
added 2025/10/31 12:0 a.m., 9 views

CVE-2025-63561

CVE-2025-63561 affects the Summer Pearl Group Vacation Rental Management Platform prior to version 1.0.2. The vulnerability is a Slowloris-style denial-of-service in the HTTP connection handling layer, where an attacker can open and maintain many slow or incomplete HTTP connections to exhaust th...

CVSS 7.5 | AI score 6.4 | EPSS 0.00336
Exploits: 1 | References: 1 | Affected Software: 1
Hacker One
added 2025/10/14 4:25 p.m., 10 views

arkadiyt-projects: DNS Rebinding Attack

Hi, there is a DNS rebinding vulnerability in your SSRF filter. F4891755 You validate the hostname's IP address, but then pass the hostname to Net::HTTP.start, which does its own DNS lookup. An attacker can control a DNS server that returns a safe public IP during validation, then returns 127.0.0...

AI score 6.7
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-0137

Malware in sbrugna...

CVSS 4.3 | AI score 6.3 | EPSS 0.01466
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2004-0264

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0324
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-7978

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.07499
Exploits: 5 | References: 13
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-4659

Malware in sbrugna...

CVSS 2.9 | AI score 6.4 | EPSS 0.00945
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-2425

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02205
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-0211

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01592
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-7752

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00542
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-29657

Malware in sbrugna...

CVSS 8.1 | AI score 7.9 | EPSS 0.01033
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2012-2426

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01443
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-8193

Malware in sbrugna...

CVSS 9.3 | AI score 8.2 | EPSS 0.00611
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-5810

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00636
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-6447

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.8 | EPSS 0.00513
Exploits: 0 | References: 4