Lucene search
K

273 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/17 9:44 a.m.4 views

CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

3.9CVSS5.8AI score0.00207EPSS
Exploits1References4
CVE
CVE
added 2026/03/17 9:44 a.m.93 views

CVE-2026-3632

CVE-2026-3632 affects the libsoup library used to send network requests. The root cause is improper hostname validation which allows special characters to be injected into HTTP headers, enabling HTTP smuggling and, in some cases, Server-Side Request Forgery (SSRF) . The incident is contextualized...

5.5CVSS5.8AI score0.00207EPSS
Exploits1References3Affected Software2
SUSE CVE
SUSE CVE
added 2026/03/14 12:24 a.m.7 views

SUSE CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/13 9:11 a.m.10 views

EUVD-2026-11776

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References4
OSV
OSV
added 2026/03/12 8:16 p.m.5 views

DEBIAN-CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.5CVSS5.3AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 8:16 p.m.6 views

UBUNTU-CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/12 7:35 p.m.5 views

CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

6.5CVSS5.3AI score0.00207EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/12 7:33 p.m.5 views

CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.5CVSS5.3AI score0.00207EPSS
Exploits0
CVE
CVE
added 2026/03/12 7:33 p.m.37 views

CVE-2026-32239

Cap'n Proto prior to 1.4.0 mishandles a negative Content-Length value by converting it to unsigned, effectively allowing an HTTP request/response smuggling vector. The issue affects Cap'n Proto’s data interchange/RPC handling where untrusted HTTP boundaries could be exploited. The vulnerability i...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/12 7:33 p.m.26 views

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

6.3CVSS0.00207EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.7 views

SUSE SLES15 Security Update : libsoup2 (SUSE-SU-2026:0834-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0834-1 advisory. - CVE-2025-32049: denial of service attack to websocket server bsc1240751. - CVE-2026-1467: lack of input sanitization can lead to...

9.1CVSS7AI score0.00821EPSS
Exploits2References22
ATTACKERKB
ATTACKERKB
added 2026/03/04 11:32 p.m.6 views

CVE-2026-2835

An HTTP Request Smuggling vulnerability CWE-444 has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers...

9.3CVSS5.9AI score0.00707EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 11:32 p.m.80 views

CVE-2026-2835

Pingora contains an HTTP Request Smuggling (CWE-444) flaw in its parsing of HTTP/1.0 bodies and multiple Transfer-Encoding values, which can desynchronize request framing and allow a frontend proxy to bypass ACLs, poison caches, and enable cross-user attacks when Fronting certain backends. Cloudf...

9.3CVSS5.9AI score0.00707EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/02 2:1 p.m.6 views

CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

5.3CVSS5.4AI score0.00423EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 9:24 a.m.30 views

CVE-2025-41082 HTTP Request/Response Smuggling in Altitude Communication Server

Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...

6.9CVSS0.00386EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/01/22 6:57 p.m.350 views

Oracle E-Business Suite CVE-2025-61882 RCE

This module exploits CVE-2025-61882 in Oracle E-Business Suite by combining SSRF, Path Traversal, HTTP request smuggling and XSLT injection. The exploit hosts a malicious XSL file that the target will fetch and process, leading to RCE. This module provides an interactive shell session. Vulnerable...

9.8CVSS7.7AI score0.99722EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-6.el7, rh-nodejs14-nodejs-14.18.2-1.el7 (AXSA:2022-2921:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2921:01 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI esca...

9.8CVSS8AI score0.03563EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : nodejs-nodemon-2.0.19-1.el9, nodejs-16.16.0-1.el9 (AXSA:2022-4073:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4073:01 advisory. nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-parent: Regular expression denial of service CVE-2020-28469...

9.8CVSS7.4AI score0.77766EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-ruby27-ruby-2.7.3-129.el7 (AXSA:2021-1769:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1769:01 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted th...

7.5CVSS7.4AI score0.05061EPSS
Exploits0References3
Rows per page
Query Builder