CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/01 9:16 p.m.•1 views

CVE-2026-39805

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS0.00031EPSS

CVE•added 2026/05/01 8:34 p.m.•11 views

CVE-2026-39805

CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...

Vulnrichment•added 2026/05/01 8:34 p.m.•3 views

CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Cvelist•added 2026/05/01 8:34 p.m.•27 views

CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

6.3CVSS0.00031EPSS

OSV•added 2026/05/01 8:34 p.m.•1 views

EEF-CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Summary Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a...

Tenable Nessus•added 2026/05/01 12:0 a.m.•11 views

Atlassian Bamboo 9.6.x < 9.6.25 / 10.x < 10.2.18 / 11.x < 12.1.6 Multiple Vulnerabilities

The version of Atlassian Bamboo installed on the remote host is 9.6.x prior to 9.6.25, 10.x prior to 10.2.18, or 11.x prior to 12.1.6. It is, therefore, affected by multiple vulnerabilities: - An OS command injection vulnerability allows an authenticated attacker to execute commands on the remote...

9.4CVSS7.2AI score0.01093EPSS

Exploits2References8

Positive Technologies•added 2026/05/01 12:0 a.m.•4 views

PT-2026-36541

Name of the Vulnerable Software and Affected Versions bandit versions prior to 1.11.0 Description Inconsistent interpretation of HTTP requests allows HTTP request smuggling via duplicate Content-Length headers. The function get content length in Elixir.Bandit.Headers uses List.keyfind/3, which on...

Amazon•added 2026/04/30 12:0 a.m.•6 views

Exploits0References11

Medium: tomcat

Issue Overview: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0...

9.1CVSS5.7AI score0.12919EPSS

Exploits2

RedhatCVE•added 2026/04/29 12:11 p.m.•2 views

CVE-2026-40560

A flaw was found in Starman. Starman versions before 0.4018 for Perl incorrectly prioritize the "Content-Length" header over "Transfer-Encoding: chunked" when both are present in an HTTP request, violating RFC 7230 3.3.3. A remote attacker could exploit this improper header precedence to perform...

7.5CVSS5.3AI score0.00016EPSS

Positive Technologies•added 2026/04/29 12:0 a.m.•1 views

PT-2026-35895

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When using libcurl, a flaw exists where a custom Host: header set for an initial HTTP request can cause subsequent requests using the same easy handle to use stale information. If the second...

7.5CVSS5.2AI score0.00104EPSS

Exploits7References41

Tenable Nessus•added 2026/04/29 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

7.5CVSS5.8AI score0.00016EPSS

UbuntuCve•added 2026/04/29 12:0 a.m.•3 views

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00016EPSS

Vulnrichment•added 2026/04/28 11:46 p.m.•1 views

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

5.2AI score0.00016EPSS

Cvelist•added 2026/04/28 11:46 p.m.•31 views

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

0.00016EPSS

NVD•added 2026/04/28 4:16 p.m.•2 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS0.00174EPSS

Cvelist•added 2026/04/27 6:0 p.m.•29 views

CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery

A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...

7.5CVSS0.00058EPSS

Exploits0References5

Snyk•added 2026/04/25 6:30 p.m.•1 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...

6.9CVSS5.8AI score0.00051EPSS