7 matches found
CVE-2026-22727 Cloud Foundry unprotected internal endpoints
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information...
AIOHTTP's unicode processing of header values could cause parsing discrepancies
Summary The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...
EUVD-2002-2416
Malware in sbrugna...
CVE-2025-9821 SSRF via webhook function
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the partial request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. ImpactBypass of firewalls to interact with internal...
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...
squid: Request/Response smuggling in HTTP/1.1 and ICAP
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
ALPINE-CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...