Lucene search
K

274 matches found

OSV
OSV
added 2026/05/06 10:16 p.m.8 views

DEBIAN-CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/06 8:52 p.m.18 views

CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1
Atlassian
Atlassian
added 2026/05/06 4:29 p.m.6 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Software Data Center

This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.12.1, 10.3.0, 11.3.0 of Jira Software Data Center and Jira...

7.5CVSS5.2AI score0.0064EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/05/06 12:8 p.m.10 views

Security update for erlang

This update for erlang fixes the following issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. CVE-2026-23943: denia...

9.1CVSS7.2AI score0.00644EPSS
Exploits0References20
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:7 p.m.12 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...

9.1CVSS5.8AI score0.01127EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.13 views

RHCOS 4 : OpenShift Container Platform 4.16.45 (RHSA-2025:11682)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:11682 advisory. - net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 Note that Nessus has not tested for this...

9.1CVSS7.2AI score0.00724EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.15 views

Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2026-025 (ALASTOMCAT9-2026-025)

The version of tomcat installed on the remote host is prior to 9.0.117-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2026-025 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via...

9.1CVSS7.3AI score0.03494EPSS
Exploits2References20
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.13 views

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory. Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitra...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References22
UbuntuCve
UbuntuCve
added 2026/04/23 10:16 p.m.6 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3CVSS5.8AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2026/04/22 2:37 p.m.12 views

GHSA-XHJ4-VRGC-HR34 actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length. Severit...

6.3CVSS5.8AI score
Exploits0References4
OSV
OSV
added 2026/04/22 11:46 a.m.6 views

SUSE-SU-2026:21374-1 Security update for erlang

This update for erlang fixes the following issues: Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes bsc1258663. - CVE-2026-23941: improper handling of duplicate Content-Length headers in...

9.8CVSS7.5AI score0.00644EPSS
Exploits0References16
NVD
NVD
added 2026/04/21 3:16 p.m.6 views

CVE-2025-31958

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

8.2CVSS0.00177EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/17 6:51 p.m.15 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Netty framework

Summary Due to use of the Netty framework, DevOps Test Performance and Rational Performance Tester contain a potential HTTP request smuggling vulnerability. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

7.5CVSS5.7AI score0.0064EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/04/15 1:37 p.m.4 views

SUSE-SU-2026:1353-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: Upidate to 4.1.132: - CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling bsc1261031. - CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service bsc1261043...

8.7CVSS5.9AI score0.01125EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects...

7.5CVSS7.1AI score0.00453EPSS
Exploits0References3
NVD
NVD
added 2026/04/09 8:16 p.m.3 views

CVE-2026-24880

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

7.5CVSS0.00453EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.3 views

CVE-2026-24880

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

7.5CVSS5.8AI score0.00453EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 8:16 p.m.3 views

UBUNTU-CVE-2026-24880

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100,...

7.5CVSS5.8AI score0.00453EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 10:16 p.m.6 views

DEBIAN-CVE-2026-34441

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread...

6.5CVSS5.7AI score0.00196EPSS
Exploits1References1
OSV
OSV
added 2026/03/17 10:16 a.m.5 views

UBUNTU-CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

5.5CVSS7AI score0.00207EPSS
Exploits1References2
Rows per page
Query Builder