54 matches found
CVE-2026-42578
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected...
Astra Linux - vulnerability in curl
Curl versions 7.63.0 through 7.75.0 include a vulnerability that allows a malicious HTTPS proxy to intercept connections by mishandling TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl may misinterpret session tickets sent from the HTTPS proxy as those coming from the remot...
fastify/reply-from and fastify/http-proxy security vulnerability
fastify/reply-from and fastify/http-proxy are both products from the Fastify open-source project. fastify/reply-from is a plugin designed to forward incoming HTTP requests to another server. fastify/http-proxy is a full-featured HTTP proxy plugin that supports proxying WebSocket connections and...
GHSA-C427-H43C-VF67 AIOHTTP accepts duplicate Host headers
Summary: Multiple Host headers were allowed in aiohttp. Impact: Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is applying security rules depending on the target Host, it is theoretically possible that the proxy and aiohttp could process different host names, possibly...
AIOHTTP accepts duplicate Host headers
Summary: Multiple Host headers were allowed in aiohttp. Impact: Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is applying security rules depending on the target Host, it is theoretically possible that the proxy and aiohttp could process different host names, possibly...
CVE-2026-33397
Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...
OESA-2026-1640 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include the httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...
HTTP Request Smuggling via Premature Upgrade
Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This vulnerabilit...
EUVD-2020-0445
Malware in sbrugna...
EUVD-2002-0306
Malware in sbrugna...
EUVD-2019-13441
Malware in sbrugna...
EUVD-1999-1319
Malware in sbrugna...
EUVD-2002-0979
Malware in sbrugna...
EUVD-1999-0291
Malware in sbrugna...
EUVD-2022-33588
Malicious code in bioql PyPI...
EUVD-2024-41609
Malicious code in bioql PyPI...
EUVD-2024-2761
Malicious code in bioql PyPI...
EUVD-2025-14189
Malicious code in bioql PyPI...
EUVD-2024-2502
Malicious code in bioql PyPI...
EUVD-2023-50907
Malicious code in bioql PyPI...