Lucene search
+L

7391 matches found

NCSC
NCSC
added yesterday9 views

Vulnerabilities in SAP-products

SAP has identified vulnerabilities in the following SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, S...

9.9CVSS7.1AI score0.01339EPSS
Exploits7References1
Nuclei
Nuclei
added 2 days ago369 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.1AI score0.84967EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago6 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

7.5CVSS6.6AI score0.0064EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-12606

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43641

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-12606

CVE-2026-12606 affects Eclipse Grizzly prior to 5.0.2. The issue is in parsing the trailer section of malformed trailer headers, which can be exploited to perform HTTP request smuggling. Affected component: Grizzly HTTP parsing logic. Root cause: improper handling of trailer headers in malformed ...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References1Affected Software1
NVD
NVD
added 4 days ago7 views

CVE-2026-27690

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS0.00539EPSS
Exploits0References2
CVE
CVE
added 4 days ago29 views

CVE-2026-27690

CVE-2026-27690 describes an HTTP Request Smuggling vulnerability in SAP Approuter. An unauthenticated attacker can send specially crafted requests to trigger request–response desynchronization, potentially exposing user responses and causing service unavailability. The CVE’s impact is listed as h...

9.1CVSS6AI score0.00539EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-27690

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score0.00539EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43584

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score0.00539EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-27690 HTTP Request Smuggling in SAP Approuter

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS0.00539EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57935

Name of the Vulnerable Software and Affected Versions SAP Approuter affected versions not specified Description An unauthenticated attacker can exploit an HTTP Request Smuggling issue by sending a specially crafted HTTP request. This leads to request-response desynchronization, a condition where...

9.1CVSS6AI score0.00539EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57984

Name of the Vulnerable Software and Affected Versions Eclipse Grizzly versions prior to 5.0.2 Description An issue exists where the software cannot properly parse the trailer section in a malformed trailer header line. This flaw can be leveraged to perform HTTP request smuggling, a technique used...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 5 days ago3 views

SUSE-SU-2026:2883-1 Security update for nghttp2

This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP/1.1 Upgrade request can lead to HTTP request smuggling and cross-client response-queue poisoning bsc1269489...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 1:13 p.m.2 views

OPENSUSE-SU-2026:21302-1 Security update for nghttp2

This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP request/response smuggling via upgrade request with Content-Length bsc1269489...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/07/10 12:0 a.m.3 views

The vulnerability of the framework for developing network applications, servers, and client protocols using Netty arises from deficiencies in HTTP request processing. This allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the framework for developing network applications, servers, and client protocols using Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely HTTP Request Smuggling attack...

7.8CVSS6.1AI score0.0064EPSS
Exploits1References3Affected Software2
EUVD
EUVD
added 2026/07/09 11:19 p.m.12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/09 11:19 p.m.13 views

EUVD-2026-33938

mint has potential CRLF injection in its HTTP request line via unvalidated method/target...

2.1CVSS5.9AI score0.00166EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.4 views

netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both Transfer-Encoding: chunked and Content-Length headers. While Netty correctly strips the conflicting Content-Length header for HTTP/1.1 messages, thi...

9.8CVSS6.8AI score0.00607EPSS
Exploits1References5
OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2980 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
Rows per page
Query Builder