CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS5.5AI score0.00677EPSS

Exploits0References4

RedHat Linux•added 6 days ago•4 views

undertow: Undertow: Request Smuggling via Malformed HTTP Request Headers

9.1CVSS5.5AI score0.00677EPSS

Exploits0References4

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017651 advisory. A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LD...

7.5CVSS6.8AI score0.04246EPSS

Exploits0References4

UbuntuCve•added 2026/04/09 6:17 p.m.•0 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.8AI score0.01945EPSS

Exploits1References4

CNNVD•added 2026/04/06 12:0 a.m.•4 views

fast-jwt 加密问题漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.1.0 contained a vulnerability related to encryption. This vulnerability stemmed from the ^ anchor character in the publicKeyPemMatcher regular expression, which could be bypassed by leading spaces i...

9.1CVSS5.7AI score0.00235EPSS

Exploits1References1

Tenable Nessus•added 2026/03/28 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-28369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the...

9.1CVSS5.6AI score0.00677EPSS

Exploits0References4

EUVD•added 2026/03/27 6:31 p.m.•16 views

EUVD-2026-16698

8.7CVSS5.9AI score0.00677EPSS

Exploits0References3

Snyk•added 2026/03/27 6:31 p.m.•3 views

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect handling of white-spaces in HTTP request headers. An attacker can gain unauthorized access to restricted information or...

9.1CVSS5.4AI score0.00677EPSS

Exploits0References2

OSV•added 2026/03/27 6:31 p.m.•1 views

GHSA-VQQJ-9CMV-HX43 Undertow is Vulnerable to HTTP Request/Response Smuggling

8.7CVSS5.9AI score0.00677EPSS

Exploits0References6

Github Security Blog•added 2026/03/27 6:31 p.m.•6 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

9.1CVSS5.9AI score0.00677EPSS

Exploits0References6Affected Software1

OSV•added 2026/03/27 5:16 p.m.•3 views

DEBIAN-CVE-2026-28369

9.1CVSS5.5AI score0.00677EPSS

Exploits0References1

NVD•added 2026/03/27 5:16 p.m.•4 views

CVE-2026-28369

9.1CVSS0.00677EPSS

Exploits0References4

UbuntuCve•added 2026/03/27 5:16 p.m.•0 views

CVE-2026-28369

9.1CVSS5.9AI score0.00677EPSS

Exploits0References3

CVE•added 2026/03/27 4:13 p.m.•59 views

CVE-2026-28369

Undertow contains a vulnerability where the first HTTP header line with leading spaces is stripped, violating HTTP standards and enabling request smuggling. Affected component: Undertow HTTP header parsing. Root cause: improper handling that trims leading spaces on the initial header line. Impact...

9.1CVSS5.9AI score0.00677EPSS

Exploits0References4Affected Software10

ATTACKERKB•added 2026/03/27 4:13 p.m.•1 views

CVE-2026-28369

8.7CVSS5.9AI score0.00677EPSS

Exploits0References3

Vulnrichment•added 2026/03/27 4:13 p.m.•2 views

CVE-2026-28369 Undertow: undertow: request smuggling via malformed http request headers

8.7CVSS5.9AI score0.00677EPSS

Exploits0References4

Cvelist•added 2026/03/27 4:13 p.m.•25 views

CVE-2026-28369 Undertow: undertow: request smuggling via malformed http request headers

8.7CVSS0.00677EPSS

Exploits0References4

Tenable Nessus•added 2026/01/22 12:0 a.m.•4 views

Azure Linux 3.0 Security Update: samba (CVE-2021-20277)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-20277 advisory. - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an...

7.5CVSS5.6AI score0.04246EPSS

Exploits0References2

RedhatCVE•added 2025/11/21 7:37 p.m.•3 views

CVE-2025-55127

HackerOne community member Dao Hoang Anh yoyomiski has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the...

5.4CVSS6.8AI score0.00207EPSS

Exploits1References1

OSV•added 2025/11/20 7:16 p.m.•2 views

CVE-2025-55127

5.4CVSS5.8AI score0.00207EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by