16521 matches found
CVE-2026-7146 AlejandroArciniegas mcp-data-vis HTTP Request server.js axios server-side request forgery
A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...
CVE-2026-2708
CVE-2026-2708 affects the Libsoup HTTP/1 parser. The soup_message_headers_append_common() function unconditionally appends header values without validating for duplicate or conflicting Content-Length fields, enabling HTTP request smuggling via multiple Content-Length headers with differing values...
CVE-2026-2708
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...
Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance
Summary The libsoup package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-14523 Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...
EUVD-2026-24529
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds isSSRFSafeURL validation but leaves DNS TOCTOU vulnerabilities where DNS rebinding between validation and the actual HTTP request redirects traffic to internal...
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
ROS-20260420-73-0026
Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...
OESA-2026-1970 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Inconsistent Interpretation of...
Exploit for CVE-2026-40175
CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...
HTTP Request Smuggling
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to HTTP Request Smuggling via the static...
GHSA-XRWR-FCW6-FMQ8 Weblate: SSRF via Project-Level Machinery Configuration
Impact A user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate makes an HTTP request to the attacker-controlled URL and reflec...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary Multiple vulnerabilities were addressed in IBM Event Processing 1.5.0 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. Th...
Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)
Summary IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...
EUVD-2026-22962
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
EUVD-2026-22970
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
CVE-2026-20186
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...