CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/05/13 2:25 p.m.•5 views

SUSE CVE-2026-8368

LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are se...

5.3CVSS5.8AI score0.00033EPSS

Exploits0References3

UbuntuCve•added 2026/05/12 3:16 p.m.•4 views

CVE-2026-8368

6.5CVSS5.8AI score0.00033EPSS

Vulnrichment•added 2026/05/12 2:1 p.m.•3 views

CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects

5.8AI score0.00033EPSS

CNNVD•added 2026/05/12 12:0 a.m.•4 views

LWP::UserAgent 安全漏洞

LWP::UserAgent is a web user agent class open source from libwww-perl, used for sending HTTP requests. Versions of LWP::UserAgent prior to version 6.83 have security vulnerabilities. These vulnerabilities stem from improper handling of the Authorization and Proxy-Authorization headers during...

6.5CVSS5.8AI score0.00033EPSS

Exploits0References1

Gitee•added 2025/09/06 8:39 p.m.•75 views

Crypt-SSLeay

This is a Perl module called Crypt::SSLeay, which provides OpenSSL support for LWP Library for WWW in Perl. The module is used to handle SSL/TLS connections and is part of the LWP distribution. The module has a version of 0.7304 and is maintained by A. Sinan Unur, David Landgren, Joshua Chamas, a...

OSV•added 2025/06/09 9:15 a.m.•2 views

CVE-2025-5869

A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sysrecvfrom of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument from leads to memory corruption...

9.8CVSS7AI score0.01174EPSS

Exploits1References4

OSV•added 2025/06/09 8:15 a.m.•0 views

CVE-2025-5868

A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function systhreadsigprocmask of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument how leads to improper validation of array index...

9.8CVSS5.5AI score

OSV•added 2025/06/09 8:15 a.m.•1 views

CVE-2025-5867

A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csyssendto of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument to leads to null pointer dereference...

9.8CVSS5.6AI score0.01154EPSS

Exploits1References4

CNNVD•added 2025/06/09 12:0 a.m.•3 views

RT-Thread 安全漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. A security vulnerability exists in RT-Thread version 5.1.0, which stems from a null pointer dereference due to the operation of the parameter to in the file rt-thread/components/lwp/lwpsyscall.c. The...

9.8CVSS7.8AI score0.01154EPSS

Exploits1References4

OSV•added 2025/02/08 10:15 a.m.•1 views

CVE-2025-1115

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function...

5.5CVSS6.2AI score

Positive Technologies•added 2025/02/08 12:0 a.m.•2 views

PT-2025-6016 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread versions up to 5.1.0 Description: A problematic vulnerability was found in RT-Thread. The issue affects the sys thread create function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument arg0 leads t...

4.8CVSS4.3AI score0.00109EPSS

Exploits1References11

OSV•added 2024/06/15 12:0 a.m.•9 views

OPENSUSE-SU-2024:10239-1 perl-LWP-Protocol-https-6.06-1.4 on GA media

These are all security issues fixed in the perl-LWP-Protocol-https-6.06-1.4 package on the GA media of openSUSE Tumbleweed...

5.9CVSS5.7AI score0.0065EPSS

Exploits1References1

Packet Storm•added 2023/08/29 12:0 a.m.•301 views

i-Gallery 3.4 Database Disclosure

==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

Veracode•added 2023/08/24 5:27 p.m.•19 views

Authorization Bypass

perl-lwp-protocol-https is vulnerable to Authorization Bypasses. This vulnerability exists due to a flaw in the way the LWP::Protocol::https module handles certain environment variables. A remote attacker can exploit this vulnerability to disable certificate validation, which could allow them to...

5.9CVSS6.5AI score0.0065EPSS

Exploits1References6Affected Software1

Packet Storm•added 2023/08/16 12:0 a.m.•301 views

Erim Upload 4 Database Disclosure

==================================================================================================================================== | Title : Erim Upload V4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...

Packet Storm•added 2023/08/16 12:0 a.m.•322 views

ExcessWeb And Network CMS 4.0 Database Disclosure

==================================================================================================================================== | Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

Packet Storm•added 2023/08/08 12:0 a.m.•269 views

Data Driven CMS 0.4.1 Database Disclosure

==================================================================================================================================== | Title : Data Driven CMS v0.4.1 database disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...