Lucene search
+L

3648 matches found

nuclei
nuclei
added 9 hours ago368 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.1AI score0.84967EPSS
Exploits0References5
ibm
ibm
added 2 days ago6 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

7.5CVSS6.6AI score0.0064EPSS
Exploits1Affected Software1
cvelist
cvelist
added 2 days ago24 views

CVE-2026-12606

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS0.00188EPSS
Exploits0References1
euvd
euvd
added 2 days ago6 views

EUVD-2026-43584

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score0.00539EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2 days ago9 views

PT-2026-57935

Name of the Vulnerable Software and Affected Versions SAP Approuter affected versions not specified Description An unauthenticated attacker can exploit an HTTP Request Smuggling issue by sending a specially crafted HTTP request. This leads to request-response desynchronization, a condition where...

9.1CVSS6AI score0.00539EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-57984

Name of the Vulnerable Software and Affected Versions Eclipse Grizzly versions prior to 5.0.2 Description An issue exists where the software cannot properly parse the trailer section in a malformed trailer header line. This flaw can be leveraged to perform HTTP request smuggling, a technique used...

6.3CVSS6.1AI score0.00188EPSS
Exploits0References4
osv
osv
added 6 days ago2 views

OPENSUSE-SU-2026:21302-1 Security update for nghttp2

This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP request/response smuggling via upgrade request with Content-Length bsc1269489...

6.3CVSS6.2AI score0.00202EPSS
Exploits0References2
euvd
euvd
added last week12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
osv
osv
added 2026/07/09 12:56 p.m.2 views

OESA-2026-2977 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade...

6.3CVSS6.1AI score0.00202EPSS
Exploits0References2
nessus
nessus
added 2026/07/06 12:0 a.m.10 views

Siemens SENTRON 7KT PAC1261 HTTP Request/Response Smuggling (CVE-2025-22871)

The Go net/http package incorrectly treats a bare line feed LF as a valid line terminator in chunked transfer data. This flaw can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as a line terminator. This plugin only works with...

9.1CVSS6.8AI score0.00778EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 10:16 p.m.9 views

CVE-2026-11541

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...

9.8CVSS0.00418EPSS
Exploits0References1
susecve
susecve
added 2026/06/30 1:42 a.m.9 views

SUSE CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.6 views

PT-2026-53990

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 26.0.0.6 Description An HTTP request smuggling issue exists, which occurs when there...

9.8CVSS6AI score0.00418EPSS
Exploits0References8
ibm
ibm
added 2026/06/29 3:40 p.m.5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled IBM WebSphere Remote Server, are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...

9.8CVSS5.8AI score0.00418EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/29 5:42 a.m.3 views

SUSE-SU-2026:2670-1 Security update for libsoup2

This update for libsoup2 fixes the following issue - CVE-2026-1801: HTTP Request Smuggling in soupfilterinputstreamreadline bsc1257649...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/28 1:32 a.m.8 views

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References3
osv
osv
added 2026/06/24 1:11 p.m.8 views

OESA-2026-2704 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Relative Path Traversal, Improper Isolation or...

9.4CVSS5.8AI score0.00644EPSS
Exploits0References5
ibm
ibm
added 2026/06/24 3:45 a.m.12 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and HTTP request smuggling. Vulnerability Details CVEID:CVE-2026-11541 DESCRIPTION: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by an...

9.8CVSS6.5AI score0.00418EPSS
Exploits0Affected Software1
nessus
nessus
added 2026/06/24 12:0 a.m.18 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 RCE (7277550)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7277550 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by an HTTP request smuggling vulnerabilit...

9.8CVSS6.3AI score0.00418EPSS
Exploits0References2
redhat
redhat
added 2026/06/22 5:15 p.m.19 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.01079EPSS
Exploits7References11
Rows per page
Query Builder