Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 5 days ago10 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

7.5CVSS5.9AI score0.00289EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 9:0 a.m.7 views

CVE-2026-55603

A flaw was found in http-proxy-middleware. A remote attacker could exploit a vulnerability in the fixRequestBody function, which is used to re-emit a request body. By injecting carriage return and line feed characters \r\n into a request body key or value, an attacker can bypass security policies...

7.5CVSS5.8AI score0.00243EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/17 7:59 p.m.11 views

EUVD-2026-37790

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.5AI score0.00439EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

7CVSS5.8AI score0.00528EPSS
Exploits0References7
CVE
CVE
added 2026/03/13 9:11 a.m.99 views

CVE-2026-23941

CVE-2026-23941 - Erlang OTP inets httpd HTTP Request Smuggling Technical details in connected documents describe a vulnerability in Erlang OTP’s inets httpd module (httpd_request.erl, httpd_request:parse_headers/7) where the server does not reject or normalize duplicate Content-Length headers. Th...

9.4CVSS5.8AI score0.00528EPSS
Exploits0References7Affected Software2
EUVD
EUVD
added 2025/10/22 9:13 a.m.6 views

EUVD-2025-35358

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

6.9CVSS6.4AI score0.00293EPSS
Exploits0References2
Rows per page
Query Builder