Lucene search
K

86 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 10:17 a.m.7 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation released in June 2026. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

9.8CVSS8.2AI score0.01815EPSS
Exploits5Affected Software2
OSV
OSV
added 2026/06/24 1:11 p.m.4 views

OESA-2026-2719 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/22 9:4 p.m.10 views

EUVD-2026-38369

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:16 p.m.3 views

Security Bulletin: Vulnerability in Undici affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Undici has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.8CVSS7.2AI score0.0115EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content- Length headers with differing values, forwarding all...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 7:59 p.m.24 views

CVE-2026-54388

Tinyproxy (≤ 1.11.3) is affected by CVE-2026-54388. The issue occurs when a request contains multiple Content-Length headers with differing values: Tinyproxy forwards all duplicate headers to the backend but uses the first value to determine how many body bytes to consume. This desynchronizes pro...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/17 7:59 p.m.6 views

CVE-2026-54388

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.6AI score0.00439EPSS
Exploits0
EUVD
EUVD
added 2026/05/15 4:22 p.m.15 views

EUVD-2026-30563

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/07 5:9 p.m.11 views

Django: Django: Denial of Service via crafted request with duplicate headers

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/07 3:46 a.m.11 views

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header

Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...

6.3CVSS5.9AI score0.00518EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.12 views

Django: Django: Denial of Service via crafted request with duplicate headers

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/01 8:34 p.m.7 views

CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/01 8:34 p.m.4 views

CVE-2026-39805

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Bandit 环境问题漏洞

Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. An environmental issue vulnerability exists in Bandit versions prior to 1.11.0, which stems from inconsistent handling of duplicate Content-Length headers and could lead to HTTP request entrapment...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 9:51 p.m.5 views

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

3.7CVSS5.3AI score0.00321EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.12 views

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS7AI score0.00493EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/04/11 9:27 a.m.6 views

SUSE CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications using...

9.8CVSS7.1AI score0.00493EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/08 6:17 p.m.13 views

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS5.9AI score0.00493EPSS
Exploits0References9
OSV
OSV
added 2026/04/08 2:23 p.m.6 views

HSEC-2026-0006 Cabal deletes project source files during configure

Cabal deletes project source files during configure The checkDuplicateHeaders function in Distribution.Simple.Configure removes header files from the source directory when a header with the same name exists in both the build directory and the source directory. This behavior was introduced in comm...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.6 views

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1526)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1526 advisory. Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 request...

9.8CVSS7.1AI score0.0115EPSS
Exploits0References14
Rows per page
Query Builder