Lucene search
K

86 matches found

RedHat Linux
RedHat Linux
added 2026/03/26 8:30 p.m.7 views

Django: Django: Denial of Service via crafted request with duplicate headers

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/03/26 8:28 p.m.9 views

Django: Django: Denial of Service via crafted request with duplicate headers

A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service DoS, making the affected system unavailable to legitimate users...

7.5CVSS7.1AI score0.00993EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.5 views

CVE-2026-26308

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...

8.2CVSS5.8AI score0.00293EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-1584)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

8.2CVSS5.9AI score0.00505EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2026-1316)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

8.2CVSS5.9AI score0.00505EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 8:7 p.m.3 views

GHSA-2MJP-6Q6P-2QXM Undici has an HTTP Request/Response Smuggling issue

Impact Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: - Applications usi...

6.5CVSS5.8AI score0.00493EPSS
Exploits0References7
OSV
OSV
added 2026/03/13 9:11 a.m.4 views

EEF-CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

7CVSS5.8AI score0.00528EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/13 9:11 a.m.26 views

CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS0.00528EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23941

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

9.4CVSS7.3AI score0.00528EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.14 views

PT-2026-25163

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 and 27.3.4.9 inets versions 5.10 through 9.6.1 inets versions 9.1.0.5 and 9.3.2.3 Description An inconsistent interpretation of HTTP requests, specifically 'HTTP Request...

9.7CVSS7.2AI score0.00528EPSS
Exploits0References59
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-1525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This...

9.8CVSS6.9AI score0.00493EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 8:16 p.m.2 views

DEBIAN-CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS7.2AI score0.00493EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 8:16 p.m.6 views

CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

9.8CVSS0.00493EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 7:56 p.m.5 views

CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

6.5CVSS7.1AI score0.00493EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/12 7:56 p.m.0 views

CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

6.5CVSS5.8AI score0.00493EPSS
Exploits0References5
CVE
CVE
added 2026/03/12 7:56 p.m.119 views

CVE-2026-1525

CVE-2026-1525 is an Undici HTTP client issue where passing duplicate Content-Length headers (especially with mixed case variants like Content-Length and content-length) can produce malformed HTTP/1.1 requests and enable HTTP Request Smuggling in misconfigured environments. Public advisories indic...

9.8CVSS5.8AI score0.00493EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.5 views

undici 安全漏洞

Undici is an open-source HTTP/1.1 client developed by Node.js. Undici has a security vulnerability that stems from allowing duplicate HTTP Content-Length headers. This can lead toHTTP/1.1 requests with multiple conflicting Content-Length values, potentially causing denial-of-service attacks or HT...

9.8CVSS6.8AI score0.00493EPSS
Exploits0References6
NVD
NVD
added 2026/03/10 8:16 p.m.4 views

CVE-2026-26308

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...

8.2CVSS0.00293EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 7:1 p.m.4 views

CVE-2026-26308

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...

7.5CVSS5.8AI score0.00293EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/10 6:30 p.m.2 views

GHSA-GHC4-35X6-CRW5 Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation

Summary The Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each header value individually, Envoy concatenates all values into a single comma-separated...

7.5CVSS5.8AI score0.00293EPSS
Exploits1References4
Rows per page
Query Builder