Lucene search
+L

183 matches found

Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that shar...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
CVE
CVE
added 2 days ago9 views

CVE-2026-59249

The CVE concerns the Elixir Mint library (mint) and its HTTP/1.1 decoding path. Specifically, Mint.HTTP1.decode_body/5 parses chunk-size lines using Integer.parse(data, 16), which accepts a leading + or - despite RFC 7230 requiring unsigned hex digits. This leads to a mismatch with RFC-strict int...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2 days ago5 views

EEF-CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Summary Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59249 Sign-tolerant HTTP/1 chunk-size parser in Mint enables response smuggling against strict intermediaries on pooled connections

Inconsistent interpretation of HTTP requests HTTP response smuggling vulnerability in elixir-mint mint allows a malicious HTTP/1 server to desynchronize a strict intermediary and the Mint client on the same pooled connection, enabling response-queue poisoning against subsequent requests that shar...

6.3CVSS0.00301EPSS
Exploits0References4
OSV
OSV
added 4 days ago6 views

MGASA-2026-0250 Updated haproxy packages fix security vulnerability

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00431EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/03 1:43 p.m.4 views

haproxy: HAProxy: Response smuggling due to integer overflow in FastCGI record length handling

A flaw was found in HAProxy. A malicious FastCGI Fast Common Gateway Interface backend can exploit an integer overflow vulnerability in the fcgiconn structure's drl field. This occurs when specific contentLength and paddingLength values cause the drl field to wrap to zero, leading to incorrect...

9.1CVSS6.1AI score0.00321EPSS
Exploits0References6
OSV
OSV
added 2026/06/22 1:55 p.m.6 views

USN-8459-1 haproxy vulnerabilities

It was discovered that HAProxy incorrectly handled the FCGI demultiplexer record length field. A remote attacker could possibly use this issue to cause incorrect request routing, response smuggling, or other memory safety issues. CVE-2026-55203 It was discovered that HAProxy failed to validate th...

9.1CVSS5.9AI score0.00431EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/02 2:15 p.m.39 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.9 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 2:15 p.m.35 views

CVE-2026-49753

Summary of the vulnerability : CVE-2026-49753 affects the Elixir Mint HTTP/1 client. The root cause is a lenient Content-Length parser in Mint.HTTP1.Parse.content_length_header/1, which accepts a leading + sign (e.g., +0, +123) despite RFC 7230 requiring unsigned digits only. When the same Mint c...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.3 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS6AI score0.00301EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

An HTTP response smuggling vulnerability exists in the Apache HTTP Server via modproxyuwsgi. This issue affects the Apache HTTP Server: from version 2.4.30 through 2.4.55. Special characters in the origin response header can cause the response forwarded to the client to be truncated or split...

7.5CVSS7.4AI score0.02134EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/10 7:7 a.m.4 views

CVE-2026-24880

A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...

7.5CVSS5.9AI score0.00453EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/12 10:39 p.m.3 views

Numeric Truncation Error

Overview Affected versions of this package are vulnerable to Numeric Truncation Error in the chunk size parsing process when handling HTTP requests with Transfer-Encoding set to chunked. An attacker can cause HTTP request or response smuggling by sending a chunk size value that parses to 2^64 or...

6.5CVSS6AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/13 10:36 p.m.3 views

EUVD-2025-180210

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency...

9.1CVSS6.5AI score0.00778EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/11/04 12:0 a.m.5 views

Lighttpd 1.4.80 HTTP Request/Response Smuggling Vulnerability

Lighttpd is prone to an HTTP request/response smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.1CVSS6.7AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0447

Malware in sbrugna...

7.5CVSS6.2AI score0.03977EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-2783

Malware in sbrugna...

2.6CVSS8.9AI score0.01766EPSS
Exploits0References59
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-5808

Malicious code in bioql PyPI...

10CVSS6.6AI score0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.35 views

EUVD-2024-39560

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder