CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1139 matches found

Snyk•added 2026/05/07 12:13 a.m.•4 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling via the getChunkSize function. An attacker can inject unauthorized HT...

6.9CVSS5.8AI score0.00016EPSS

Exploits1References2

Tenable Nessus•added 2026/05/07 12:0 a.m.•1 views

Fedora 44 : perl-Starman (2026-5bb108e1b7)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5bb108e1b7 advisory. Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

7.5CVSS5.8AI score0.00016EPSS

Exploits0References2

Positive Technologies•added 2026/05/07 12:0 a.m.•5 views

PT-2026-38377

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Netty versions prior to 4.1.133.Final Description Netty incorrectly parses malformed Transfer-Encoding headers, which can lead to request smuggling attacks. Specifically, the framework incorrectly marks a...

7.5CVSS6AI score0.00012EPSS

Exploits1References23

Positive Technologies•added 2026/05/07 12:0 a.m.•13 views

PT-2026-38374

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description In the HttpObjectDecoder component, the software fails to strip the Content-Length header when an HTTP/1.0 request contains both Transfer-Encoding: chunked...

5.8CVSS5.8AI score0.00017EPSS

Exploits1References17

RedHat Linux•added 2026/05/06 5:58 p.m.•3 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.00028EPSS

Exploits1References8

EUVD•added 2026/05/06 3:32 p.m.•1 views

EUVD-2026-27825

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00038EPSS

Exploits0References3

NVD•added 2026/05/06 1:16 p.m.•3 views

CVE-2026-40562

7.5CVSS0.00038EPSS

Exploits0References4

CVE•added 2026/05/06 12:36 p.m.•5 views

CVE-2026-40562

Gazelle for Perl (versions up to 0.49) is affected by HTTP Request Smuggling due to improper header precedence: Content-Length is prioritized over Transfer-Encoding: chunked when both headers are present, contravening RFC 7230 section 3.3.3. This can enable smuggling of requests via a front-end r...

7.5CVSS5.8AI score0.00038EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/06 12:36 p.m.•27 views

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

0.00038EPSS

Exploits0References3

ATTACKERKB•added 2026/05/06 12:36 p.m.•6 views

CVE-2026-40562

7.5CVSS5.8AI score0.00038EPSS

Exploits0References3

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-37626

Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

7.5CVSS5.8AI score0.00038EPSS

Exploits0References10

RedhatCVE•added 2026/05/04 8:21 p.m.•3 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00012EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...

7.5CVSS7.1AI score0.00049EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•8 views

Astra Linux - уязвимость в apache2

Apache HTTP Server versions 2.4.41 to 2.4.46 with modproxyhttp can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service...

7.5CVSS7.1AI score0.14442EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в waitress

In Waitress version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress. This could lead to HTTP request smuggling. Specifically, requests containing special whitespace characters in the...

8.2CVSS6.6AI score0.00882EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в tomcat9

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS7AI score0.01865EPSS

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в netty

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace such as a spaceTransfer-Encoding:chunked line and a later Content-Length header. This issue exists due to an incomplete fix for CVE-2019-16869...

7.5CVSS6.9AI score0.01498EPSS

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в waitress

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separated list, with t...

7.5CVSS6.8AI score0.00795EPSS

Exploits0References2