CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 4 hours ago•6 views

CURL-CVE-2026-8286 wrong STARTTLS connection reuse

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

5.9AI score

Exploits0

NVD•added yesterday•6 views

CVE-2026-55766

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

4.8CVSS

Debian CVE•added yesterday•24 views

CVE-2026-55766

CVE•added yesterday•11 views

Exploits0

CVE-2026-55766

Summary (CVE-2026-55766): guzzlehttp/psr7 (PHP) before 2.12.1 is vulnerable to CRLF injection in the HTTP start-line fields (method, protocol version, reason phrase) when attacker-controlled data ends up in those fields and the message is serialized or forwarded. The flaw requires the malformed m...

OSV•added yesterday•4 views

JLSEC-2026-616 HTTP/1 client request smuggling via CR/LF in method, target, or host in HTTP.jl

Description The HTTP/1 client serialized request.method and request.target and, in forward-proxy absolute-form, the host verbatim onto the wire with no CR/LF/CTL filtering; the only target validator was wired solely into the server parse path. A caller passing an attacker-influenced URL or method...

6AI score

NVD•added 2 days ago•7 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00317EPSS

CVE•added 2 days ago•6 views

CVE-2026-12549

The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...

4.8CVSS5.9AI score0.00317EPSS

Cvelist•added 2 days ago•27 views

CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver

4.8CVSS0.00317EPSS

NVD•added 5 days ago•7 views

CVE-2019-25747

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

8.5CVSS0.0012EPSS

OSV•added 5 days ago•5 views

GHSA-VM85-HXW5-5432 guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Impact guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

Github Security Blog•added 5 days ago•9 views

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Exploits0References2Affected Software1

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpslowstartafteridle. When reading sysctltcpslowstartafteridle, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

4.7CVSS5.5AI score0.00178EPSS

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache once for each folio. If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths that are smaller than the page size. When we loop through the folios in...

5.5CVSS5.8AI score0.00225EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a sleeping function called from an invalid context in the RT kernel. When setting bootparams="traceevent=initcall:initcallstart tpprintk=1" in the cmdline, the outputprintk function was called, and spinlockirqsave...

5.5CVSS5.4AI score0.00205EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: qcom: qdsp6: Fixed the issue where q6apm removal ordering occurs during ADSP stop and start. During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. During ADSP stop, the...

5.5CVSS5.8AI score0.00123EPSS

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: Fixed an UAF in nbdgenlconnect, where an error path occurred after calling nbdstartdevice. There is a use-after-free issue in nbd: - block nbd6: Received control failed result: -104; sockets are being shut down. Bug: KASAN:...

7.8CVSS6.2AI score0.00144EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – A memory leak was avoided when enabling statistics. The driver uses monitor destination rings for both extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the...

5.5CVSS6.2AI score0.00131EPSS