Lucene search
K

593 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 12:36 p.m.12 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/06 1:45 a.m.14 views

SUSE CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

5.3CVSS5.8AI score0.00423EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/05 6:33 p.m.14 views

EUVD-2026-27381

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4
PyPA
PyPA
added 2026/05/05 4:16 p.m.23 views

PYSEC-2026-54

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to b...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/05 4:16 p.m.16 views

PYSEC-2026-54

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/05 2:49 p.m.10 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/05 2:49 p.m.12 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Django 安全漏洞

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, a view system, and a template system. Versions of Django prior to 6.0.5 and 5.2.14 contained security vulnerabilities. These vulnerabilities...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-5766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the...

6.3CVSS7AI score0.00423EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References1
NVD
NVD
added 2026/05/03 1:15 a.m.30 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS0.00378EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.19 views

PT-2026-36646

Name of the Vulnerable Software and Affected Versions Starlet versions prior to 0.32 Description Starlet for Perl allows HTTP Request Smuggling due to improper header precedence. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present i...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

Starlet 环境问题漏洞

Starlet is a high-performance HTTP/1.1 pre-fork web server developed by Kazuho Oku. Versions of Starlet prior to 0.31 contained an environmental vulnerability. This vulnerability stemmed from prioritizing the Content-Length header over the Transfer-Encoding header, which could lead to HTTP reques...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:34 p.m.4 views

CVE-2026-39805

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/29 12:11 p.m.6 views

CVE-2026-40560

A flaw was found in Starman. Starman versions before 0.4018 for Perl incorrectly prioritize the "Content-Length" header over "Transfer-Encoding: chunked" when both are present in an HTTP request, violating RFC 7230 3.3.3. A remote attacker could exploit this improper header precedence to perform...

7.5CVSS5.3AI score0.00487EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 11:46 p.m.4 views

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.2AI score0.00487EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/24 12:31 a.m.13 views

EUVD-2026-25306

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

3.7CVSS5.7AI score0.00321EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.7 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5CVSS5.8AI score0.00566EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.7 views

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS7AI score0.00493EPSS
Exploits0References9
OSV
OSV
added 2026/04/12 6:7 a.m.12 views

RLSA-2026:7080 Important: nodejs22 security update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

7.5CVSS5.8AI score0.26356EPSS
Exploits2References10
Rows per page
Query Builder