Every CVE whose affected-product data names Gnome Libsoup, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2017-2885 — CVSS 9.8 (critical): An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a…
CVE-2018-12910 — CVSS 9.8 (critical): The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2019-17266 — CVSS 9.8 (critical): libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does…
CVE-2024-52530 — CVSS 7.5 (high): GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are…
CVE-2024-52532 — CVSS 7.5 (high): GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from…
CVE-2025-2784 — CVSS 7.0 (high): A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace()…
CVE-2026-2369 — CVSS 6.5 (medium): A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a…
CVE-2024-52531 — CVSS 6.5 (medium): GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict…
CVE-2018-11713 — CVSS 6.5 (medium): WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to…
CVE-2026-2436 — CVSS 6.5 (medium): A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()…
CVE-2026-5119 — CVSS 5.9 (medium): A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in…
CVE-2026-1539 — CVSS 5.8 (medium): A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When…
CVE-2026-1467 — CVSS 5.8 (medium): A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when…
CVE-2026-1536 — CVSS 5.8 (medium): A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line…
CVE-2026-3099 — CVSS 5.8 (medium): A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track…
CVE-2026-2443 — CVSS 5.3 (medium): A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers…
CVE-2026-4271 — CVSS 5.3 (medium): A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2…
CVE-2026-1801 — CVSS 5.3 (medium): A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing…
CVE-2011-2524 — CVSS 5.0 (medium): Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via…
CVE-2012-2132 — CVSS 5.0 (medium): libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote…
CVE-2026-3633 — CVSS 3.9 (low): A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject…
CVE-2026-3634 — CVSS 3.9 (low): A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed…
CVE-2026-3632 — CVSS 3.9 (low): A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not…
CVE-2026-2708 — CVSS 3.7 (low): A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in…