Lucene search
+L

3652 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.7 views

Fedora 43 : perl-Starman (2026-b94aad33a5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b94aad33a5 advisory. Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

7.5CVSS5.9AI score0.00487EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/05/07 11:53 a.m.7 views

Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques bsc1262115. CVE-2026-5795: Fixed JaspiAuthenticator broken access control...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References8
OSV
OSV
added 2026/05/07 5:6 a.m.10 views

MGASA-2026-0120 Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.55 views

Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 3:46 a.m.7 views

EUVD-2026-26712

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate Content-Length header...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 12:22 a.m.33 views

GHSA-38F8-5428-X5CV Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding

Summary Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. Details Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC...

6.5CVSS6AI score0.00248EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/07 12:18 a.m.15 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HttpObjectDecoder component. An attacker can manipulate...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 12:13 a.m.18 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling via the getChunkSize function. An attacker can inject unauthorized HT...

7.3CVSS5.8AI score0.00364EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 12:13 a.m.27 views

GHSA-M4CV-J2PX-7723 Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/07 12:13 a.m.11 views

Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 8:52 p.m.8 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/06 8:52 p.m.52 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS0.00307EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/06 5:58 p.m.14 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.0064EPSS
Exploits1References8
OSV
OSV
added 2026/05/06 12:8 p.m.5 views

SUSE-SU-2026:1714-1 Security update for erlang

This update for erlang fixes the following issues: - CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. - CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. - CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. - CVE-2026-2394...

9.8CVSS7.2AI score0.00644EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.24 views

PT-2026-37626

Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References10
Snyk
Snyk
added 2026/05/05 6:27 p.m.7 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the setUri function. An attacker can inject arbitrary CRLF sequenc...

6.5CVSS5.9AI score0.00307EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:20 p.m.16 views

Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and Lodash. Vulnerabilities include Improper Input Validation vulnerability in Apache Tomcat, Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apach...

9.1CVSS7.3AI score0.00715EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/05/03 1:15 a.m.9 views

DEBIAN-CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References1
OSV
OSV
added 2026/05/03 12:57 a.m.4 views

CVE-2026-40561 Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS6AI score0.00378EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2026/05/03 12:57 a.m.73 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0
Rows per page
Query Builder