Lucene search
K

172 matches found

ubuntucve
ubuntucve
added 2026/02/02 2:16 p.m.6 views

CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

5.3CVSS6.1AI score0.00423EPSS
Exploits0References2
osv
osv
added 2026/02/02 2:16 p.m.5 views

UBUNTU-CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

5.3CVSS6AI score0.00423EPSS
Exploits0References3
euvd
euvd
added 2026/02/02 2:1 p.m.4 views

EUVD-2026-5105

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

5.3CVSS5.4AI score0.00423EPSS
Exploits0References2
cve
cve
added 2026/02/02 2:1 p.m.22 views

CVE-2026-1760

CVE-2026-1760 – SoupServer HTTP request smuggling . A flaw in SoupServer allows a remote unauthenticated attacker to smuggle additional requests over a persistent connection by exploiting combined Transfer-Encoding: chunked and Connection: keep-alive handling, potentially causing DoS. The vulnera...

5.3CVSS5.4AI score0.00423EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/30 3:24 a.m.6 views

CVE-2025-63649

An out-of-bounds read in the httpparsertransferencodingchunked function mkserver/mkhttpparser.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted POST request to the server...

7.5CVSS5.9AI score0.00952EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/01/29 12:0 a.m.7 views

Monkey Server security vulnerabilities

Monkey Server is an open-source HTTP server developed by Monkey I/O. There is a security vulnerability in Monkey Server, which stems from out-of-bounds read accesses in the http parser-transferencodingchunked function. This vulnerability could lead to denial-of-service attacks...

7.5CVSS5.8AI score0.00952EPSS
Exploits1References2
packetstorm
packetstorm
added 2026/01/23 12:0 a.m.233 views

📄 Lighttpd 1.4.66 Resource Leak Denial of Service

Lighttpd versions 1.4.56 through 1.4.66 has a resource exhaustion vulnerability affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect RDHUP / half-closed T...

7.5CVSS5.6AI score0.02714EPSS
Exploits4
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-5542

Malware in sbrugna...

5CVSS6.1AI score0.0267EPSS
Exploits2References8
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-0802

Malware in sbrugna...

5CVSS6.2AI score0.01617EPSS
Exploits1References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2003-1405

Malware in sbrugna...

6.8CVSS6.4AI score0.01202EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-0837

Malware in sbrugna...

7.5CVSS6.4AI score0.13335EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0323

Malicious code in bioql PyPI...

7.5CVSS6.1AI score0.00958EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.18 views

EUVD-2023-2224

Malicious code in bioql PyPI...

9.8CVSS6.2AI score0.00738EPSS
Exploits0References9
osv
osv
added 2025/07/10 8:15 p.m.1 views

DEBIAN-CVE-2025-53629

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: Th...

7.5CVSS5.2AI score0.00505EPSS
Exploits1References1
amazon
amazon
added 2025/06/24 12:0 a.m.15 views

Important: rclone

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.2AI score0.00778EPSS
Exploits0
amazon
amazon
added 2025/06/23 12:0 a.m.5 views

Important: runc

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS9.6AI score0.00778EPSS
Exploits0
nessus
nessus
added 2025/06/23 12:0 a.m.6 views

Amazon Linux 2 : runc (ALASDOCKER-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

9.1CVSS7AI score0.00778EPSS
Exploits0References4
nessus
nessus
added 2025/06/23 12:0 a.m.5 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1040)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1040 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

9.1CVSS6.9AI score0.00778EPSS
Exploits0References4
nessus
nessus
added 2025/06/23 12:0 a.m.3 views

Amazon Linux 2023 : runc (ALAS2023-2025-1041)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1041 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

9.1CVSS6.9AI score0.00778EPSS
Exploits0References4
nessus
nessus
added 2025/06/23 12:0 a.m.6 views

Amazon Linux 2 : runc (ALASECS-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

9.1CVSS7AI score0.00778EPSS
Exploits0References4
Rows per page
Query Builder