292 matches found
CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS 147.2.1...
UBUNTU-CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
CVE-2026-2032 Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
CVE-2026-2032
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1...
Security Vulnerabilities fixed in Firefox for iOS 147.2.1 — Mozilla
Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain...
CVE-2025-41082
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
CVE-2025-41082
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
CVE-2025-41082
CVE-2025-41082 : Affected: Altitude Communication Server. vulnerability arises from inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers, causing desynchronization between frontend and backend servers. Potential effects include request h...
EUVD-2025-206375
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
CVE-2025-41082
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
CVE-2025-41082 HTTP Request/Response Smuggling in Altitude Communication Server
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
PT-2026-4738
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
K000159607: Node-forge vulnerability CVE-2025-12816
Security Advisory Description An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic...
curl: IMAP Protocol Desynchronization and Response Smuggling via Naive Literal Parsing
libcurl incorrectly parses IMAP literals size even when they are embedded within quoted strings e.g., email subjects or headers. This behavior violates RFC 3501, which mandates that content inside double quotes must be treated as opaque text. This parsing error causes the client state machine to...
curl: MQTT Protocol Violation & Integer Overflow in libcurl
Executive Summary Vulnerability Type: CWE-190 Component: lib/mqtt.c Function: mqttdecodelen Affected Architectures: - All architectures: Protocol non-compliance leading to stream desynchronization - 32-bit architectures: Deterministic integer overflow in length decoding libcurl does not correctly...
curl: SMTP CRLF Injection & Protocol Desynchronization in libcurl
Executive Summary A critical security vulnerability has been identified in libcurl's SMTP protocol handler. The vulnerability allows for SMTP Command Smuggling and Protocol Desynchronization by injecting CRLF sequences into email address fields. This can be exploited to bypass security controls,...
curl: HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion
A fundamental design flaw exists in how libcurl handles HTTP/3 QUIC response headers across all supported backends ngtcp2, quiche, openssl-quic. The vulnerability stems from the unsafe transcoding of binary QPACK headers HTTP/3 into the textual HTTP/1.1 format used internally by curl's pipeline...
CVE-2023-53878
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...
CVE-2023-53878
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...
CVE-2023-53878
CVE-2023-53878 — Member Login Script 3.3 involves a client-side desynchronization vulnerability tied to parsing the Content-Length header. The flaw allows attackers to manipulate HTTP request handling by smuggling secondary requests within crafted POST payloads, potentially bypassing server-side ...