Lucene search
K

2573 matches found

OSV
OSV
added 2026/06/30 10:27 a.m.2 views

SUSE-SU-2026:2702-1 Security update for libsoup

This update for libsoup fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS6.6AI score0.00376EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in libsoup3

A flaw was discovered in the asynchronous message queue handling of the libsoup library, which is widely used by GNOME and WebKit-based applications for managing HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed...

7.5CVSS5.7AI score0.00416EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in libsoup2.4, libsoup3

A flaw was discovered in the cookie parsing logic of the libsoup HTTP library, which is used in GNOME applications and other software. The vulnerability arises when processing the expiration dates of cookies, where a specially crafted value can trigger an integer overflow. This may lead to...

3.7CVSS6.2AI score0.00538EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, resulting in a buffer overread. This can allow an attacker to potentially access sensitive information or cause a denial of service at the application level...

9.1CVSS6.8AI score0.0042EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 1:11 p.m.3 views

OESA-2026-2719 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 1:11 p.m.5 views

OESA-2026-2718 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 1:11 p.m.3 views

OESA-2026-2717 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...

7.5CVSS7.1AI score0.00821EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.11 views

Oracle Linux 9 : libsoup (ELSA-2026-19356)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19356 advisory. - Backport patch for CVE-2026-5119 - Backport patch for CVE-2026-1761 - Backport patch for CVE-2026-0719 - Backport patch for CVE-2025-14523 Tenable has...

8.6CVSS6.7AI score0.00947EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 1:55 p.m.35 views

CVE-2026-12549

The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...

4.8CVSS5.9AI score0.00325EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:55 p.m.36 views

CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00325EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 8:18 a.m.7 views

ROOT-OS-DEBIAN-13-CVE-2026-5119 CVE-2026-5119 in rootio-libsoup3 - Patched by Root

Root has patched CVE-2026-5119 in the rootio-libsoup3 package for Root:Debian:13. Multiple fixed versions available...

8.2CVSS5.8AI score0.00254EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user with respect to the original host that issued the redirect...

6.8CVSS6.9AI score0.00478EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libsoup2.4

A use-after-free vulnerability was discovered in libsoup, within the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7.2AI score0.00847EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libsoup2.4

GNOME libsoup before version 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in the soupheaderparseparamliststrict function. There is a plausible way to exploit this vulnerability remotely through the soupmessageheadersgetcontenttype function for example, an...

8.4CVSS7.1AI score0.00679EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : libsoup (SUSE-SU-2026:2314-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2314-1 advisory. This update for libsoup fixes the following issues - CVE-2026-1801: HTTP Request Smuggling in...

7.5CVSS5.7AI score0.00829EPSS
Exploits1References7
OSV
OSV
added 2026/06/12 12:25 p.m.7 views

OESA-2026-2618 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...

7.5CVSS7.3AI score0.00872EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2617 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large...

7.5CVSS7.3AI score0.00872EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.11 views

OESA-2026-2616 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...

4.8CVSS5.4AI score0.00872EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2615 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. A remote attacker could exploit an unsigned to...

4.8CVSS5.4AI score0.00872EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.7 views

EulerOS 2.0 SP13 : libsoup (EulerOS-SA-2026-2341)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in...

8.2CVSS5.6AI score0.00254EPSS
Exploits1References2
Rows per page
Query Builder