CVE-2026-23527

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

HTTP Request Smuggling

Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls...

CVE-2026-23527 Request Smuggling (TE.TE) in h3 v1

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

EUVD-2026-2737

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVE-2026-23527

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

CVE-2026-23527

CVE-2026-23527 affects the h3 HTTP framework (pre-1.15.5). The vulnerability is in readRawBody, which performs a strict case-sensitive check for the Transfer-Encoding header and looks for the literal value “chunked.” Because RFC requires case-insensitive handling, an attacker can craft a request ...

CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue

H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...

PT-2026-3098

Name of the Vulnerable Software and Affected Versions H3 versions prior to 1.15.5 Description H3 is a minimal HTTP framework designed for high performance and portability. A critical HTTP Request Smuggling issue exists due to a case-sensitive check for the 'Transfer-Encoding' header within the...

H3 Environmental Issues and Vulnerabilities

H3 is an open-source HTTP framework developed by H3. Versions prior to H3 1.15.5 contained an environmental issue vulnerability. This vulnerability stemmed from the strict case-sensitive handling of the Transfer-Encoding header, which could lead to HTTP request payload attacks...

CVE-2024-42048

OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this location, this allows for DLL hijacking and may...

CVE-2025-22470

CL4/6NX Plus and CL4/6NX-J Plus Japan model with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege...

SATO CL4/6NX Plus和SATO CL4/6NX-J Plus 操作系统命令注入漏洞

SATO CL4/6NX Plus and SATO CL4/6NX-J Plus are both series of smart industrial label printers from SATO Japan. An operating system command injection vulnerability exists in SATO CL4/6NX Plus and SATO CL4/6NX-J Plus versions prior to 1.15.5-r1, which stems from the possibility of executing arbitrar...

SATO CL4/6NX Plus和SATO CL4/6NX-J Plus 代码问题漏洞

SATO CL4/6NX Plus and SATO CL4/6NX-J Plus are both series of smart industrial label printers from SATO Japan. A code issue vulnerability exists in the SATO CL4/6NX Plus and SATO CL4/6NX-J Plus versions prior to 1.15.5-r1, which stems from the fact that uploading a specially crafted hazardous file...

Driver Disk for Intel ice 1.15.5 - For Citrix Hypervisor 8.2 Cumulative Update 1 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Intel's ice driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- ice| Ethernet/NIC| 1.15.5 Issues resolved in this drive...

CVE-2024-56508 File Upload Vulnerability Leading to XSS in LinkAce v1.15.5

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads...

WordPress 3D FlipBook – PDF Flipbook WordPress plugin <= 1.15.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by m3ez Patchstack Alliance in WordPress Plugin 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery versions = 1.15.5...

BIT-TENSORFLOW-2020-26271 Heap out of bounds access in MakeEdge in TensorFlow

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node given by outputindex and the input slot of the dst node...

CVE-2024-2048

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...

NodeBB 1.15.5 - 1.18.4 XSS Vulnerability

NodeBB is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb";...