Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1314 matches found

RedhatCVE
RedhatCVEadded 4 days ago5 views

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

8.2CVSS5.5AI score0.0001EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 5 days ago7 views

CVE-2026-5589 Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.

An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

6AI score0.00063EPSS
Exploits0References1
CVE
CVEadded 5 days ago11 views

CVE-2026-5589

The CVE-2026-5589 issue affects the Bluetooth Mesh subsystem (bt_mesh_sol_recv in subsys/bluetooth/mesh/solicitation.c). When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the AD parsing loop reads an attacker-controlled length (reported_len) and computes reported_len - 3 without ensuring reported...

6.3CVSS6.2AI score0.00063EPSS
Exploits0References1
RedHat Linux
RedHat Linuxadded 6 days ago9 views

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00016EPSS
Exploits1References5
NVD
NVDadded last week7 views

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

8.2CVSS0.0001EPSS
Exploits0References2
Rockylinux
Rockylinuxadded 2026/05/30 6:3 p.m.12 views

nginx security update

An update is available for nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a foc...

9.2CVSS6.1AI score0.00288EPSS
Exploits35
OSV
OSVadded 2026/05/29 7:16 a.m.4 views

UBUNTU-CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00055EPSS
Exploits0References7
EUVD
EUVDadded 2026/05/29 5:24 a.m.10 views

EUVD-2026-33249

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00055EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/29 5:24 a.m.10 views

CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00055EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/29 5:24 a.m.13 views

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00055EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInp...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References2
OSV
OSVadded 2026/05/27 2:16 a.m.5 views

DEBIAN-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 2:16 a.m.7 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.0005EPSS
Exploits0References5
OSV
OSVadded 2026/05/27 2:16 a.m.4 views

UBUNTU-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/05/27 2:16 a.m.9 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References4
CVE
CVEadded 2026/05/27 1:57 a.m.10 views

CVE-2026-49017

OpenStack Swift prior to 2.36.2 and 2.37.2 is affected. The s3api middleware enters an infinite loop while processing truncated aws-chunked PUT bodies, due to the StreamingInput class repeatedly appending an empty buffer and re-reading. This causes the proxy-server worker to become permanently un...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/27 1:57 a.m.8 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVEadded 2026/05/27 1:57 a.m.6 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/27 1:57 a.m.28 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.0005EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.5 views

PT-2026-43476

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References6
Rows per page
Query Builder