1975 matches found
CVE-2026-40560
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
PT-2026-35863
Name of the Vulnerable Software and Affected Versions Starman versions prior to 0.4018 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request, whi...
actix-http has HTTP/1.1 CL.TE Request Smuggling
A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length...
EUVD-2025-209541
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
CVE-2025-31958
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
CVE-2025-31958
HCL BigFix Service Management is reported vulnerable to HTTP Request Smuggling. The connected sources describe HTTP request smuggling as an issue arising when front-end and back-end servers parse requests inconsistently, enabling bypass of security controls and potentially enabling cache poisonin...
PT-2026-33976
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
PT-2026-46944
Name of the Vulnerable Software and Affected Versions X.Org X server affected versions not specified Xwayland affected versions not specified Description An out-of-bounds write flaw exists in the X.Org X server and Xwayland within the DRIGetBuffers and DRIGetBuffersWithFormat functions. A client...
EUVD-2026-23480
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...
CVE-2026-33093
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...
CVE-2026-33093 Anviz Products Missing Authorization
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...
CVE-2026-33093
CVE-2026-33093 — Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that triggers the front-facing camera to capture a photo, exposing visible information about the deployment environment. Affected product: Anviz CX7 Firmware. Reported impact: confidentiality loss (low) wit...
CVE-2026-33093
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...
CVE-2026-33093 Anviz Products Missing Authorization
Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment...
PT-2026-33481
CVE-2026-33093 Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the … https://t.co/qyxdCA6QG6...
Anviz CX7 安全漏洞
The Anviz CX7 is an intelligent terminal device from the American company Anviz, featuring integrated biometrics and access control functions. The Anviz CX7 firmware contains a security vulnerability. This vulnerability stems from unverified POST requests that can capture photos taken by the...
Malicious Package
Overview autoshipment-public-front is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in autoshipment-public-front (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2274 Malicious code in autoshipment-public-front (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e88d7d57a4db4ac2a1f359905f9bff3aba5176c373833890d1f58befc32b4d8 The package autoshipment-public-front was found to contain malicious code. Source: ghsa-malware...