103221 matches found

OSV
added 2026/03/17 10:16 a.m. | 4 views

UBUNTU-CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00207
Exploits: 1 | References: 2

SUSE Linux
added 2026/03/17 10:4 a.m. | 5 views

Security update for curl

This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00715
Exploits: 4 | References: 16

OSV
added 2026/03/17 10:4 a.m. | 1 views

SUSE-SU-2026:0903-1 Security update for curl

This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00715
Exploits: 4 | References: 9

Vulnrichment
added 2026/03/17 9:44 a.m. | 1 views

CVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnames

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

CVSS: 3.9 | AI score: 5.8 | EPSS: 0.00207
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/17 9:44 a.m. | 4 views

CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

CVSS: 3.9 | AI score: 5.8 | EPSS: 0.00207
Exploits: 1 | References: 4

CVE
added 2026/03/17 9:44 a.m. | 73 views

CVE-2026-3632

CVE-2026-3632 affects the libsoup library used to send network requests. The root cause is improper hostname validation which allows special characters to be injected into HTTP headers, enabling HTTP smuggling and, in some cases, Server-Side Request Forgery (SSRF). The incident is contextualized...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00207
Exploits: 1 | References: 3 | Affected Software: 2

RedHat Linux
added 2026/03/17 4:1 a.m. | 4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01945
Exploits: 0 | References: 8

CNVD
added 2026/03/17 12:0 a.m. | 3 views

Fortinet FortiSandbox Cloud OS Command Injection Vulnerability

Fortinet FortiSandbox Cloud is a malware sandbox analysis platform from US-based Fortinet. Fortinet FortiSandbox Cloud version 5.0.4 suffers from an OS command injection vulnerability. The vulnerability stems from improper neutralization of special elements in OS commands and can be exploite...

CVSS: 7.2 | AI score: 6 | EPSS: 0.0176
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/17 12:0 a.m. | 7 views

EulerOS Virtualization 2.12.1 : python3 (EulerOS-SA-2026-1455)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on _clear_id_cache the algorit...

CVSS: 9.4 | AI score: 7.7 | EPSS: 0.01525
Exploits: 14 | References: 14

Tenable Nessus
added 2026/03/17 12:0 a.m. | 9 views

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2026-1487)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped quer...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.03914
Exploits: 1 | References: 9

CNNVD
added 2026/03/17 12:0 a.m. | 7 views

libsoup Security Vulnerability

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from a reuse of freed resources in the implementation of HTTP/2 servers. This vulnerability could allow remote attackers to exploit it by sending specially crafted HTTP/2 requests, resulting...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00829
Exploits: 1 | References: 3

GithubExploit
added 2026/03/16 11:12 p.m. | 137 views

Exploit for Out-of-bounds Write in Starnight Micro_Http_Server

💥 CVE-2023-50965 — Stack Buffer Overflow Exploit Linux Proo...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.01547
Exploits: 3

Hacker One
added 2026/03/16 10:23 p.m. | 38 views

curl: HSTS accepted from HTTP origin behind HTTPS proxy

curl/libcurl appears to accept and persist Strict-Transport-Security from an http:// origin when the request is sent through an https:// proxy. After that, a later http:// request for the same host is automatically upgraded to https:// due to stored HSTS state. Affected versions 8.12.0 through...

AI score: 5.7
Exploits: 0

Snyk
added 2026/03/16 8:47 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00328
Exploits: 0 | References: 2

EUVD
added 2026/03/16 6:32 p.m. | 2 views

EUVD-2026-12488

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local2c causes stack-based buffer overflow. The attack can be initiated remotel...

CVSS: 10 | AI score: 8 | EPSS: 0.00887
Exploits: 1 | References: 6

UbuntuCve
added 2026/03/16 6:16 p.m. | 5 views

CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

CVSS: 6 | AI score: 5.9 | EPSS: 0.00419
Exploits: 0 | References: 4

Cvelist
added 2026/03/16 5:37 p.m. | 52 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

CVSS: 6 | EPSS: 0.00419
Exploits: 0 | References: 8

Vulnrichment
added 2026/03/16 5:37 p.m. | 3 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

CVSS: 6 | AI score: 5.8 | EPSS: 0.00419
Exploits: 0 | References: 8

CVE
added 2026/03/16 5:37 p.m. | 71 views

CVE-2026-3644

CVE-2026-3644 is confirmed: In CPython, incomplete control character validation in http.cookies/Morsel (and related paths in Morsel.update, |=, unpickling, and BaseCookie.js_output) allows bypassing input validation and can enable HTTP header injection when cookie values or parameters contain con...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00419
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2026/03/16 5:37 p.m. | 3 views

CVE-2026-3644

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output lacked the output validation applie...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00419
Exploits: 0