Lucene search
K

593 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.6 views

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.9AI score0.00769EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Django 安全漏洞

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, a view system, and a template system. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/03 8:39 p.m.4 views

CVE-2026-34831

A flaw was found in Rack. A remote attacker can exploit this vulnerability by requesting a non-existent path containing percent-encoded UTF-8 characters. This causes Rack::Filesfail to incorrectly calculate the Content-Length header, using Stringsize instead of Stringbytesize for multibyte...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

8.6CVSS0.00375EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-30151

Name of the Vulnerable Software and Affected Versions The Linux kernel affected versions not specified Description A flaw exists in the sip help tcp function within the netfilter module. This function parses the SIP Content-Length header using simple strtoul, which returns an unsigned long, but...

8.6CVSS5.3AI score0.00375EPSS
Exploits0References497
Snyk
Snyk
added 2026/04/02 6:20 p.m.5 views

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

8.7CVSS6AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29817

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack's Rack::Multipart::Parser does not limit the size of multipart uploads when a Content-Length header is not present, such as with HTTP chunked transfer encoding. Specifically, wh...

7.8CVSS5.9AI score0.0043EPSS
Exploits0References54
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from the use of Stringsize instead of Stringbytesize to set the Content-Length response header in Rack::Filesfail, which...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.9 views

PT-2026-29819

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack’s Rack::Filesfail function incorrectly calculates the Content-Length response header using Stringsize instead of Stringbytesize. This occurs when the response body contains...

7.5CVSS5.9AI score0.00209EPSS
Exploits0References54
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.5 views

Fedora 42 : cpp-httplib (2026-6ed9c65eaf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6ed9c65eaf advisory. Update to 0.37.1 rbhz2445943 - Fixes Denial of Service via malformed Content-Length header CVE-2026-31870 - Reenables 32-bit build Update to 0.37.0...

7.5CVSS6AI score0.00602EPSS
Exploits4References5
OSV
OSV
added 2026/03/20 2:24 p.m.14 views

OESA-2026-1667 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

9.4CVSS5.8AI score0.00644EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.4 views

Fedora 44 : cpp-httplib (2026-2c2afa9f9e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2c2afa9f9e advisory. Update to 0.37.1 - Fixes Denial of Service via malformed Content-Length header CVE-2026-31870 - Reenable 32b builds Update to 0.37.0 rhbz2441656 -...

7.5CVSS6AI score0.00602EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-23941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This...

9.4CVSS7.1AI score0.00528EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.5 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS0.00528EPSS
Exploits0References7
OSV
OSV
added 2026/03/13 7:54 p.m.4 views

UBUNTU-CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS5.8AI score0.00528EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS7.3AI score0.00528EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/12 10:12 p.m.6 views

CVE-2026-1525

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS5.7AI score0.00493EPSS
Exploits0References8
NVD
NVD
added 2026/03/12 8:16 p.m.6 views

CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS0.00493EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 8:16 p.m.5 views

UBUNTU-CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS5.8AI score0.00493EPSS
Exploits0References2
Rows per page
Query Builder