3649 matches found
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerabilit...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2026-1002
Summary Vert.x is used by the IBM Datapower Operations Dashboard as part of their network implementation Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using...
HTTP Request Smuggling
Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to HTTP Request Smuggling via multipart reque...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1778)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1778 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...
CVE-2026-41873
UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...
CVE-2026-48861
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...
CVE-2026-8620
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...
K000161600: Apache Tomcat vulnerability CVE-2026-24880
Security Advisory Description Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115,...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Software Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0,...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Service Management Data Center
This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0,...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center
This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 7.0.1, 7.4.0, 7.13.0, 7.19.0, 8.5.0, 8.9.0, 9.0.1, 9.1.0,...
CVE-2026-49753
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...
CVE-2026-49753
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...
Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
...
Security Bulletin: Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary Security Vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected ...
PT-2026-45786
Name of the Vulnerable Software and Affected Versions mint versions 0.1.0 through 1.8.x Description An inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows attacker-controlled HTTP/1 servers to desynchronize response framing on shared connections. The iss...