CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/29 12:0 a.m.•6 views

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from an error in the unsigned-to-signed conversion in the soupbodyinputstreamreadchunked function. This vulnerability could allow remote attackers to bypass security controls by sending...

4.8CVSS5.8AI score0.00328EPSS

Exploits0References4

Tenable Nessus•added 2026/05/29 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-6324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...

4.8CVSS5.8AI score0.00328EPSS

Exploits0References3

Tenable Nessus•added 2026/05/26 12:0 a.m.•9 views

TencentOS Server 3: libsoup (TSSA-2026:0368)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Tenable Nessus•added 2026/05/25 12:0 a.m.•13 views

Alibaba Cloud Linux 3 : 0124: libsoup (ALINUX3-SA-2026:0124)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0124 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-5119: A flaw was found in libsoup. When...

Tenable Nessus•added 2026/05/19 12:0 a.m.•7 views

RHEL 9 : libsoup (RHSA-2026:19356)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19356 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2CVSS5.9AI score0.00254EPSS

RedHat Linux•added 2026/05/11 9:39 p.m.•27 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•6 views

MiracleLinux 8 : libsoup-2.62.3-14.el8_10 (AXSA:2026-596:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-596:09 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the...

Tenable Nessus•added 2026/05/08 12:0 a.m.•3 views

AlmaLinux 8 : libsoup (ALSA-2026:14087)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:14087 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the preceding...

Tenable Nessus•added 2026/05/08 12:0 a.m.•6 views

Exploits1References3

MiracleLinux 9 : libsoup-2.72.0-12.el9_7.6 (AXSA:2026-573:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-573:08 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the...

RedHat Linux•added 2026/05/06 1:0 p.m.•56 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.7AI score0.00254EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which could cause libsoup to allocate memory and lead to a denial of service DoS attack...

7.5CVSS7.3AI score0.00686EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.5AI score0.00694EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read data beyond its intended range...

7.4CVSS7.4AI score0.00637EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

7.5CVSS7.5AI score0.00787EPSS