Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Vulnrichment
Vulnrichmentadded 2026/05/01 8:34 p.m.0 views

CVE-2026-39807 Client-supplied URI scheme trusted without transport verification in bandit

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

6.3CVSS5.8AI score0.00026EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/04/29 8:48 p.m.1 views

CVE-2026-32688

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS5.6AI score0.00108EPSS
Exploits0References1
NVD
NVDadded 2026/04/27 2:16 p.m.1 views

CVE-2026-32688

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS0.00108EPSS
Exploits0References4
OSV
OSVadded 2026/04/27 1:45 p.m.2 views

EEF-CVE-2026-32688 Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. Fo...

8.7CVSS5.6AI score0.00108EPSS
Exploits0References4
Hacker One
Hacker Oneadded 2026/04/15 6:22 a.m.14 views

curl: lib/http2.c: SSL connections accept non-HTTP push schemes (incomplete fix for 2e8c922a)

Summary: settransferurl in lib/http2.c validates the :scheme pseudo-header of PUSHPROMISE frames only when !viasslconn — a guard added by commit 2e8c922a to block non-TLS connections from accepting TLS-scheme pushes. The symmetric case was not addressed: over TLS, viasslconn is TRUE, the guard at...

5.9AI score
Exploits0
Redos
Redosadded 2026/02/09 12:0 a.m.3 views

ROS-20260209-73-0004

A vulnerability in the onframerecvcallback function soup-server-message-io-http1.c of the GNOME GUI libsoup library is related to misinterpretation of input data when processing :scheme, :authority, and :path pseudo headers. Exploitation of the vulnerability could allow an attacker acting remotel...

7.5CVSS5.6AI score0.00132EPSS
Exploits0
SUSE CVE
SUSE CVEadded 2025/04/16 2:35 a.m.2 views

SUSE CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

7.5CVSS6.4AI score0.00132EPSS
Exploits0References8
OSV
OSVadded 2025/04/14 2:15 p.m.1 views

DEBIAN-CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service DoS...

7.5CVSS7.1AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder