
1156 matches found

Snyk
added 2026/01/15 7:24 p.m., 2 views

HTTP Request Smuggling

Overview: h3 is a minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls and poison web...

CVSS 9.8 | AI score 6.8 | EPSS 0.00026
Exploits: 1 | References: 2
CVE
added 2026/01/15 7:24 p.m., 27 views

CVE-2026-23527

CVE-2026-23527 affects the h3 HTTP framework (pre-1.15.5). The vulnerability is in readRawBody, which performs a strict case-sensitive check for the Transfer-Encoding header and looks for the literal value “chunked.” Because the RFC requires case-insensitive handling, an attacker can craft a request ...

CVSS 9.8 | AI score 6.4 | EPSS 0.00026
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/01/15 7:24 p.m., 4 views

CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVSS 8.9 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 4
Positive Technologies
added 2026/01/15 12:0 a.m., 7 views

PT-2026-3098

Name of the Vulnerable Software and Affected Versions: H3 versions prior to 1.15.5. Description: H3 is a minimal HTTP framework designed for high performance and portability. A critical HTTP Request Smuggling issue exists due to a case-sensitive check for the 'Transfer-Encoding' header within the...

CVSS 8.9 | AI score 6.7 | EPSS 0.00026
Exploits: 1 | References: 12
CNNVD
added 2026/01/15 12:0 a.m., 2 views

H3 Environmental Issues and Vulnerabilities

H3 is an open-source HTTP framework developed by H3. Versions prior to H3 1.15.5 contained an environmental issue vulnerability. This vulnerability stemmed from the strict case-sensitive handling of the Transfer-Encoding header, which could lead to HTTP request payload attacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/09 9:59 a.m., 4 views

CVE-2020-7658

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...

CVSS 6.1 | AI score 6.8 | EPSS 0.00238
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-23085

Name of the Vulnerable Software and Affected Versions: libsoup versions 2.4.1-2.74.3 through 2.4.1-2.74.3-17.1; libsoup versions 3.0.0-3.6.6 through 3.0.0-3.6.6-1.1. Description: The libsoup library contains flaws related to HTTP/1 request smuggling. Specifically, the soup headers parse function...

CVSS 3.7 | AI score 5.7 | EPSS 0.00052
Exploits: 1 | References: 63
Packet Storm
added 2025/12/24 12:0 a.m., 158 views

Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. Title: HTTP Request Smuggling TE.CL...

AI score 7
Exploits: 0
RedhatCVE
added 2025/12/20 8:14 p.m., 9 views

CVE-2025-12874

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVSS 6.3 | AI score 6.9 | EPSS 0.0009
Exploits: 0 | References: 1
EUVD
added 2025/12/19 9:30 p.m., 2 views

EUVD-2025-204611

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVSS 6.3 | AI score 6.4 | EPSS 0.0009
Exploits: 0 | References: 4
NVD
added 2025/12/19 8:15 p.m., 3 views

CVE-2025-12874

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVSS 6.3 | EPSS 0.0009
Exploits: 0 | References: 2
CVE
added 2025/12/19 7:36 p.m., 9 views

CVE-2025-12874

Quest Coexistence Manager for Notes (Free/Busy Connector modules) contains an HTTP Request/Response Smuggling flaw via Content-Length-Transfer-Encoding (CL.TE). The CVE entry notes the issue affects version 3.8.2045 and may affect other versions; impact includes bypassing access controls, web-cach...

CVSS 6.3 | AI score 6.5 | EPSS 0.0009
Exploits: 0 | References: 2
Cvelist
added 2025/12/19 7:36 p.m., 20 views

CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVSS 6.3 | EPSS 0.0009
Exploits: 0 | References: 2
Positive Technologies
added 2025/12/19 12:0 a.m., 3 views

PT-2025-52508

Name of the Vulnerable Software and Affected Versions: Quest Coexistence Manager for Notes version 3.8.2045. Description: An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' exists in Quest Coexistence Manager for Notes Free/Busy Connector modules. This allows HTTP...

CVSS 6.3 | AI score 6.5 | EPSS 0.0009
Exploits: 0 | References: 7
GithubExploit
added 2025/10/24 2:19 p.m., 255 views

Exploit for HTTP Request Smuggling in Microsoft

CVE-2025-55315 Vulnerability Scanner and TLS Proxy This repos...

CVSS 9.9 | AI score 6.8 | EPSS 0.01681
Exploits: 5
Veracode
added 2025/10/23 5:38 a.m., 4 views

Improper Input Validation

Hono is vulnerable to improper input validation. The vulnerability is due to a flaw in the bodyLimit middleware that prioritized the Content-Length header over Transfer-Encoding: chunked, which allows an attacker to bypass the configured request body size limit and potentially cause a denial of...

CVSS 5.3 | AI score 6.9 | EPSS 0.00044
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0115

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0293

Malware in sbrugna...

CVSS 5.8 | AI score 7.3 | EPSS 0.06163
Exploits: 0 | References: 21
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1626

Malware in sbrugna...

CVSS 6.5 | AI score 6.3 | EPSS 0.00239
Exploits: 0 | References: 13
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0109

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 10