54 matches found

CVE
added 2 days ago, 7 views

CVE-2026-49840

CVE-2026-49840 affects FreeSWITCH libesl before version 1.11.1. The flaw occurs in esl_recv_event(): Content-Length is parsed with atol() and the result is passed to malloc(len + 1) without sign or magnitude checks, allowing a pre-authentication, remote attacker to corrupt the heap or crash the p...

CVSS 9.1, AI score 5.4, EPSS 0.00059
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 6 days ago, 5 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

CVSS 6.3, AI score 5.5, EPSS 0.00056
Exploits: 0, References: 1
ATTACKERKB
added last week, 4 views

CVE-2026-5589

An integer underflow in bt_mesh_sol_recv in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

AI score 6.2, EPSS 0.00071
Exploits: 0, References: 2
NVD
added 2026/06/02 4:16 p.m., 8 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

CVSS 6.3, EPSS 0.00056
Exploits: 0, References: 4
EUVD
added 2026/06/02 2:15 p.m., 7 views

EUVD-2026-33941

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

CVSS 6.3, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 4
CVE
added 2026/06/02 2:15 p.m., 9 views

CVE-2026-49753

Summary of the vulnerability: CVE-2026-49753 affects the Elixir Mint HTTP/1 client. The root cause is a lenient Content-Length parser in Mint.HTTP1.Parse.content_length_header/1, which accepts a leading + sign (e.g., +0, +123) despite RFC 7230 requiring unsigned digits only. When the same Mint c...

CVSS 6.3, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 4
Cvelist
added 2026/06/02 2:15 p.m., 34 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...

CVSS 6.3, EPSS 0.00056
Exploits: 0, References: 4
OSV
added 2026/06/02 2:15 p.m., 6 views

EEF-CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Summary: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 i...

CVSS 6.3, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 4
Positive Technologies
added 2026/06/02 12:00 a.m., 9 views

PT-2026-45786

Summary: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1...

CVSS 6.3, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 6
NVD
added 2026/05/26 4:16 p.m., 10 views

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

CVSS 6.5, EPSS 0.00043
Exploits: 0, References: 3
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: A buffer overflow vulnerability has been fixed in ipv6_find_tlv. The value of optlen is retrieved without checking whether there is more than one byte to parse. This can lead to a buffer overflow. This issue was identified ...

AI score 6.5, EPSS 0.00044
Exploits: 0, References: 2
OSV
added 2026/03/20 2:23 p.m., 3 views

OESA-2026-1639 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...

CVSS 8.7, AI score 5.6, EPSS 0.00116
Exploits: 2, References: 3
OSV
added 2026/03/20 2:23 p.m., 4 views

OESA-2026-1637 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.1, when a cpp-httplib client uses the...

CVSS 8.7, AI score 5.6, EPSS 0.00116
Exploits: 2, References: 3
OSV
added 2026/03/13 9:11 a.m., 1 view

EEF-CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd

Summary: Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/...

CVSS 7, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 6
CVE
added 2026/03/13 9:11 a.m., 32 views

CVE-2026-23941

CVE-2026-23941 - Erlang OTP inets httpd HTTP Request Smuggling. Technical details in connected documents describe a vulnerability in Erlang OTP's inets httpd module (httpd_request.erl, httpd_request:parse_headers/7) where the server does not reject or normalize duplicate Content-Length headers. Th...

CVSS 9.4, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 7, Affected Software: 2
Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 9 : expat-2.5.0-2.el9_4.1 (AXSA:2024-8824:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8824:05 advisory. libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490); libexpat: Integer Overflow or Wraparound (CVE-2024-45491); libexpat: integer...

CVSS 9.8, AI score 7.8, EPSS 0.02269
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/20 12:00 a.m., 4 views

MiracleLinux 7 : expat-2.1.0-15.0.1.el7.AXS7 (AXSA:2024-8927:07)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8927:07 advisory. CVE-2024-45490: Reject negative length for XML_ParseBuffer in xmlparse.c; CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms...

CVSS 9.8, AI score 7.9, EPSS 0.02269
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/20 12:00 a.m., 3 views

MiracleLinux 8 : expat-2.2.5-15.el8_10 (AXSA:2024-8843:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8843:06 advisory. libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490); libexpat: Integer Overflow or Wraparound (CVE-2024-45491); libexpat: integer...

CVSS 9.8, AI score 7.7, EPSS 0.02269
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 9:59 a.m., 4 views

CVE-2020-7658

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...

CVSS 6.1, AI score 6.8, EPSS 0.00238
Exploits: 0, References: 1
CVE
added 2026/01/01 11:32 p.m., 13 views

CVE-2025-15418

CVE-2025-15418 affects Open5GS up to 2.7.6. The vulnerability is in the function ogs_gtp2_parse_bearer_qos (lib/gtp/v2/types.c) within the Bearer QoS IE Length Handler, where manipulation can cause a denial of service. The attack is local (requires local access). Public exploit availability is i...

CVSS 5.5, AI score 4.2, EPSS 0.00035
Exploits: 1, References: 8, Affected Software: 1