CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1273 matches found

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

8.2CVSS5.8AI score0.00014EPSS

Exploits1References5

NVD•added 2 days ago•3 views

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

8.2CVSS0.00009EPSS

Exploits0References2

Rockylinux•added 5 days ago•12 views

nginx security update

An update is available for nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other protocols, with a foc...

9.2CVSS6.1AI score0.00897EPSS

Exploits34

OSV•added 6 days ago•2 views

UBUNTU-CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00042EPSS

Exploits0References7

EUVD•added 6 days ago•7 views

EUVD-2026-33249

4.8CVSS5.8AI score0.00042EPSS

Exploits0References3

ATTACKERKB•added 6 days ago•8 views

CVE-2026-6324

4.8CVSS5.8AI score0.00042EPSS

Exploits0References4

Vulnrichment•added 6 days ago•9 views

CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error

4.8CVSS5.8AI score0.00042EPSS

Exploits0References3

Tenable Nessus•added 2026/05/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInp...

7.1CVSS5.9AI score0.0005EPSS

Exploits0References2

OSV•added 2026/05/27 2:16 a.m.•3 views

DEBIAN-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS

Exploits0References1

NVD•added 2026/05/27 2:16 a.m.•6 views

CVE-2026-49017

7.1CVSS0.0005EPSS

Exploits0References5

UbuntuCve•added 2026/05/27 2:16 a.m.•8 views

CVE-2026-49017

7.1CVSS5.9AI score0.0005EPSS

Exploits0References4

OSV•added 2026/05/27 2:16 a.m.•2 views

UBUNTU-CVE-2026-49017

7.1CVSS5.9AI score0.0005EPSS

Exploits0References5

CVE•added 2026/05/27 1:57 a.m.•8 views

CVE-2026-49017

OpenStack Swift prior to 2.36.2 and 2.37.2 is affected. The s3api middleware enters an infinite loop while processing truncated aws-chunked PUT bodies, due to the StreamingInput class repeatedly appending an empty buffer and re-reading. This causes the proxy-server worker to become permanently un...

7.1CVSS5.9AI score0.0005EPSS

Exploits0References5

ATTACKERKB•added 2026/05/27 1:57 a.m.•7 views

CVE-2026-49017

7.1CVSS5.9AI score0.0005EPSS

Exploits0References4Affected Software1

Debian CVE•added 2026/05/27 1:57 a.m.•4 views

CVE-2026-49017

7.1CVSS5.9AI score0.0005EPSS

Exploits0

Cvelist•added 2026/05/27 1:57 a.m.•26 views

CVE-2026-49017

7.1CVSS0.0005EPSS

Exploits0References3

Positive Technologies•added 2026/05/27 12:0 a.m.•3 views

PT-2026-43476

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...

7.1CVSS5.9AI score0.0005EPSS

Exploits0References6

Debian CVE•added 2026/05/13 5:57 p.m.•5 views

CVE-2026-42578

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage method creates headers using...

7.5CVSS5.9AI score0.0001EPSS

Exploits1

NVD•added 2026/05/08 4:16 a.m.•7 views

CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

8.8CVSS0.04116EPSS

Exploits1References2

Cvelist•added 2026/05/08 3:38 a.m.•30 views

CVE-2026-42208 LiteLLM: SQL injection in Proxy API key verification

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

9.3CVSS0.56947EPSS

Exploits5References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by