35 matches found
CVE-2026-56306 Capgo - Subkey Enforcement Bypass via x-limited-key-id Header Parsing
Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...
PT-2026-47626
Name of the Vulnerable Software and Affected Versions Puma versions 5.5.0 through 7.2.0 Puma versions 8.0.0 through 8.0.1 Description Puma is susceptible to source IP spoofing when persistent connections are used and the set remote address proxy protocol: :v1 configuration is enabled. The issue...
CVE-2026-2708
CVE-2026-2708 affects the Libsoup HTTP/1 parser. The soup_message_headers_append_common() function unconditionally appends header values without validating for duplicate or conflicting Content-Length fields, enabling HTTP request smuggling via multiple Content-Length headers with differing values...
SUSE CVE-2026-32762
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...
CVE-2026-27444 Header Email Address Parsing
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...
CVE-2026-27444
SEPPmail Secure Email Gateway is affected prior to version 15.0.1 due to incorrect parsing of email addresses in headers, leading to an interpretation conflict with other mail infrastructure. This can enable an attacker to fake the email source or decrypt it. The known remediation is upgrading to...
CVE-2025-57783
CVE-2025-57783 affects Hiawatha webserver (versions 8.5–11.7) and is due to improper HTTP header parsing in the fetch_request path, enabling an unauthenticated attacker to smuggle requests and access restricted resources. Connected sources corroborate this entry and also note related issues (5778...
CVE-2025-57783 Improper header parsing may lead to request smuggling
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...
EUVD-2025-206340
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...
CVE-2026-0792
ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...
GHSA-MR3Q-G2MV-MR4Q Sinatra is vulnerable to ReDoS through ETag header value generation
Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
Sinatra 安全漏洞
Sinatra is a Sinatra open source DSL for quickly creating web applications in Ruby with minimal effort A security vulnerability exists in Sinatra versions prior to 4.2.0 that stems from a flaw in the If-Match and If-None-Match header parsing components that could lead to a denial of service attac...
Linux Distros Unpatched Vulnerability : CVE-2021-37149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic...
Linux Distros Unpatched Vulnerability : CVE-2023-29197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a...
USN-7709-1: WEBrick vulnerability
It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack...
USN-7709-1 ruby-webrick vulnerability
It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack...
Linux Distros Unpatched Vulnerability : CVE-2025-1734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers...
CVE-2025-20244
CVE-2025-20244 affects Cisco Secure Firewall ASA/FTD Remote Access SSL VPN Web Server. The flaw arises from incomplete error checking when parsing an HTTP header field value, enabling an authenticated VPN user to trigger a device reload and DoS. Affected: ASA/FTD Remote Access VPN Web Server; imp...
ROS-20250813-01
A vulnerability in the tarfile module of the Python programming language interpreter CPython is associated with incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
USN-7645-1 php7.0, php7.2 vulnerabilities
It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. CVE-2025-1217 It was discovered that PHP did not properly validate certain HTTP headers. An attack...