Lucene search
+L

2458 matches found

CVE
CVE
added yesterday10 views

CVE-2026-50197

Summary: CVE-2026-50197 affects zalando/skipper’s OpenPolicyAgent integration. When clients use HTTP/1.1 Transfer-Encoding: chunked or HTTP/2 without Content-Length, the opaAuthorizeRequestWithBody flow exposes an empty raw_body and parsed input.parsed_body to OPA, causing policy checks that rely...

7.8CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday12 views

CVE-2026-50197 Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding: chunked / HTTP/2 requests

Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header, because the...

7.8CVSS
Exploits0References4
NVD
NVD
added 2 days ago7 views

CVE-2026-44982

CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from maxr.ContentLength, 0, so HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests without a content-length...

7.2CVSS0.00217EPSS
Exploits0References5
OSV
OSV
added 2026/07/10 1:13 p.m.2 views

OPENSUSE-SU-2026:21302-1 Security update for nghttp2

This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP request/response smuggling via upgrade request with Content-Length bsc1269489...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 11:19 p.m.12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/09 6:31 p.m.6 views

EUVD-2026-42642

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

6AI score0.00433EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.8 views

EUVD-2026-42643

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score0.00404EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 5:16 p.m.12 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

9.8CVSS0.00433EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 5:16 p.m.9 views

CVE-2026-51600

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS0.00404EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.4 views

netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both Transfer-Encoding: chunked and Content-Length headers. While Netty correctly strips the conflicting Content-Length header for HTTP/1.1 messages, thi...

9.8CVSS6.8AI score0.00607EPSS
Exploits1References5
OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2980 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2979 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:56 p.m.3 views

OESA-2026-2977 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 12:0 a.m.9 views

CVE-2026-51600

Summary: CVE-2026-51600 affects Tenda CP3 V3.0 firmware (V31.1.9.91). The RTSP service does not validate Content-Length when no body is present, causing the RTSP parser to enter a persistent body-awaiting state and the TCP connection to remain open, leading to a TCP resource leak. This is describ...

7.5CVSS6AI score0.00404EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.7 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

6AI score0.00433EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 12:0 a.m.12 views

CVE-2026-51599

CVE-2026-51599 affects MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n. The issue is an insufficient input validation in the RTSP service where an RTSP request with a Content-Length header but no body causes the RTSP parser to enter a body-waiting state, leading to the connection being silently c...

9.8CVSS6AI score0.00433EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.7 views

CVE-2026-51600

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score0.00404EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.35 views

CVE-2026-51600

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

0.00404EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 8:23 p.m.3 views

GHSA-659F-RGP5-W4WF Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests

Summary zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header. When the opaAuthorizeRequestWithBody filter is configured, the...

10CVSS6.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/08 8:23 p.m.7 views

Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding — chunked / HTTP/2 requests

Summary zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header. When the opaAuthorizeRequestWithBody filter is configured, the...

7.8CVSS6.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder