CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

76 matches found

CVE-2026-45307

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS5.5AI score0.00029EPSS

Exploits0References1

Positive Technologies•added yesterday•4 views

PT-2026-46988

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

2.7CVSS5.7AI score

Exploits0References5

Positive Technologies•added 2 days ago•9 views

PT-2026-46301

Summary Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected UR...

8.2CVSS5.8AI score

Exploits0References5

Cvelist•added 5 days ago•22 views

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

7.2CVSS0.00023EPSS

Exploits0References4

ATTACKERKB•added 2026/05/28 5:47 p.m.•6 views

CVE-2026-45307

6.1CVSS5.8AI score0.00029EPSS

Exploits0References2Affected Software1

SUSE CVE•added 2026/05/15 1:58 a.m.•7 views

SUSE CVE-2026-44431

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still forward these sensitive headers. This vulnerability is fixed in 2.7.0...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References9

EUVD•added 2026/05/13 6:30 p.m.•7 views

EUVD-2026-29923

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.8AI score0.00037EPSS

Exploits1References4

Vulnrichment•added 2026/05/13 3:20 p.m.•5 views

CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

8.2CVSS5.8AI score0.00013EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 3:20 p.m.•2 views

CVE-2026-44431

8.2CVSS5.8AI score0.00013EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/13 8:27 a.m.•6 views

CVE-2026-5545

5.8AI score0.00037EPSS

Exploits1References4Affected Software1

CVE•added 2026/05/13 8:27 a.m.•13 views

CVE-2026-5545

CVE-2026-5545 affects libcurl: a logical error in connection reuse can cause a request to a server usingNegotiate authentication with user1:password1 to be mistakenly sent over a connection still authenticated for user1 when a second operation tries to authenticate as user2:password2 on the same ...

6.5CVSS5.8AI score0.00037EPSS

Exploits1References3Affected Software1

AlpineLinux•added 2026/05/13 8:27 a.m.•4 views

CVE-2026-5545

6.5CVSS5.8AI score0.00037EPSS

Exploits1References3

ATTACKERKB•added 2026/05/13 8:27 a.m.•6 views

CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.8AI score0.00014EPSS

Exploits1References4Affected Software1

Snyk•added 2026/05/11 2:51 p.m.•7 views

Insertion of Sensitive Information Into Sent Data

Overview urllib3 is a HTTP library with thread-safe connection pooling, file post, and more. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in urlopen when using ProxyManager.connectionfromurl with assertsamehost=False, directly rather than v...

8.2CVSS5.8AI score0.00013EPSS

Exploits0References2

OSV•added 2026/05/04 1:12 p.m.•3 views

JLSEC-2026-388

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...

6.5CVSS6.8AI score0.00682EPSS

Exploits1References14

IBM Security Bulletins•added 2026/05/04 12:45 p.m.•9 views

Security Bulletin:Requests SSL Verification Issue Fixed in 2.32.0

Summary Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value ...

5.6CVSS6.6AI score0.00208EPSS

Exploits1Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в requests

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

5.6CVSS6.8AI score0.00046EPSS

Exploits0References2