
94 matches found

Nginx
added 2026/05/13 2:12 p.m., 20 views

HTTP/2 request injection in the ngx_http_proxy_module

HTTP/2 request injection in the ngx_http_proxy_module. Severity: medium. CVE-2026-42926. Not vulnerable: 1.31.0+, 1.30.1+. Vulnerable: 1.29.4-1.30.0...

CVSS 6.3, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/05/11 9:14 p.m., 3 views

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

AI score 5.8, EPSS 0.00038
Exploits: 0, References: 3
SUSE CVE
added 2026/05/08 2:22 a.m., 2 views

SUSE CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

CVSS 5.3, AI score 5.8, EPSS 0.0002
Exploits: 1, References: 3
Cvelist
added 2026/05/06 8:52 p.m., 28 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

CVSS 5.3, EPSS 0.0002
Exploits: 1, References: 1
CNNVD
added 2026/04/29 12:0 a.m., 4 views

Starman environment issue vulnerability

Starman is a high-performance pre-derived web server developed by Tatsuhiko Miyagawa. Versions of Starman prior to 0.4018 contained an environmental issue vulnerability. This vulnerability stemmed from the HTTP request intercalation technique. Due to improper handling of header priorities, Starma...

CVSS 7.5, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 1
CNNVD
added 2026/04/09 12:0 a.m., 2 views

Apache Tomcat environment issue vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page (JSP) technologies. Versions of Apache Tomcat 11.0.18 and earlier, 10.1.52 and earlier, 9.0.115 and earlier, 8.5.100 and earlier, and 7.0.109 and...

CVSS 7.5, AI score 5.8, EPSS 0.00176
Exploits: 0, References: 1
EUVD
added 2026/03/17 12:30 p.m., 0 views

EUVD-2026-12560

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly...

CVSS 3.9, AI score 5.9, EPSS 0.00048
Exploits: 1, References: 4
OSV
added 2026/03/17 10:16 a.m., 0 views

UBUNTU-CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly...

CVSS 6.5, AI score 7.2, EPSS 0.00048
Exploits: 1, References: 2
NVD
added 2026/03/17 10:16 a.m., 3 views

CVE-2026-3633

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soup_message_new function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly...

CVSS 6.5, EPSS 0.00048
Exploits: 1, References: 3
GithubExploit
added 2026/03/10 2:40 p.m., 173 views

Exploit for CVE-2026-30741

Security Advisory: CVE-2026-30741 Product: OpenClaw Agent Pla...

AI score 5.9, EPSS 0.00452
Exploits: 2
CVE
added 2026/02/01 12:56 p.m., 5 views

CVE-2022-50952

CVE-2022-50952 affects Banco Guayaquil 8.0.0 Mobile iOS application. A persistent cross-site scripting vulnerability exists in the TextBox Name Profile input. An attacker can inject malicious script via a POST request that executes on application review without user interaction. The NVD entry lis...

CVSS 6.4, AI score 5.9, EPSS 0.00016
Exploits: 0, References: 3
CNNVD
added 2026/01/26 12:0 a.m., 1 views

Hiawatha security vulnerabilities

Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by improper header parsing. Thi...

CVSS 5.3, AI score 6, EPSS 0.00013
Exploits: 0, References: 2
Vulnrichment
added 2025/10/13 3:59 a.m., 2 views

CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS)

HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request, which is then reflected unsafely in the server's immediate response to the victim's browser, executing the script as if it originated from the trusted...

CVSS 4.3, AI score 5.7, EPSS 0.00027
Exploits: 0, References: 1
OSV
added 2025/10/08 5:41 p.m., 1 views

JLSEC-2025-1 CR/LF injection in URIs.jl (also affects HTTP.jl)

Description: The URIs.jl and HTTP.jl packages allowed the construction of URIs containing CR/LF characters. If user input was not otherwise escaped or protected, this can lead to a CRLF injection attack. With this simple Julia code, you can inject a custom header named Foo with the value bar: juli...

CVSS 8.7, AI score 7.1, EPSS 0.00331
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0639

Malware in sbrugna...

CVSS 6.5, AI score 6.1, EPSS 0.01394
Exploits: 0, References: 15
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2016-1317

Malware in sbrugna...

CVSS 10, AI score 9.5, EPSS 0.01373
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-32977

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.8, EPSS 0.00344
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-1446

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.2, EPSS 0.01843
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-45978

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.5, EPSS 0.00484
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-45977

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.5, EPSS 0.00438
Exploits: 0, References: 1