Lucene search
K

3632 matches found

RedHat Linux
RedHat Linux
added 2026/05/26 1:50 a.m.21 views

Important: Red Hat Security Advisory: jmc security update

An update for jmc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.1CVSS7.1AI score0.01127EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...

9.8CVSS6.7AI score0.00847EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103707)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103707 advisory. - This HTTP Request/Response Smuggling vulnerability allows an unauthenticated attacker to manipulate HTTP requests in a way that causes the server...

7.5CVSS5.9AI score0.00453EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/05/22 10:30 p.m.7 views

HTTP Request Smuggling ws Dependency in Confluence Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.0.1, 9.2.3, and 9.4.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated...

7.5CVSS5.2AI score0.00745EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 1:31 p.m.15 views

Security Bulletin: The Analyst Workflow App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows...

9.8CVSS7AI score0.0115EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: undertow (UTSA-2026-016708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016708 advisory. A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker t...

6.5CVSS6.7AI score0.01005EPSS
Exploits0References4
Atlassian
Atlassian
added 2026/05/21 7:29 p.m.8 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Jira Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.12.1, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center and Server. This HTTP Request Smuggling vulnerability, with a...

7.5CVSS5.2AI score0.00248EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send ...

3.7CVSS6.5AI score0.01119EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to versions 6.3.1 and 5.6.7, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers, which could allow HTTP request smuggling. The severity of this issue heavily depends ...

9.8CVSS6.7AI score0.00738EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in http-parser

Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5CVSS6.9AI score0.16296EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...

7.5CVSS7.1AI score0.02996EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.18 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1672 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1...

9.1CVSS6AI score0.0504EPSS
Exploits3References20
Snyk
Snyk
added 2026/05/19 8:3 p.m.11 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...

5.8CVSS6AI score0.00091EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 7:19 p.m.20 views

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http

Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain potential HTTP Request Smuggling and Uncontrolled Resource Consumption vulnerabilities. Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network...

9.8CVSS6AI score0.00887EPSS
Exploits5Affected Software1
SUSE Linux
SUSE Linux
added 2026/05/19 11:56 a.m.10 views

Security update for erlang26

This update for erlang26 fixes the following issues Security issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681...

9.1CVSS7.2AI score0.00644EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.14 views

Debian dla-4590 : erlang - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4590 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4590-1 [email protected]...

9.4CVSS7.2AI score0.00644EPSS
Exploits0References10
OSV
OSV
added 2026/05/18 8:56 a.m.42 views

BIT-TOMCAT-2020-1935

In Apache Tomcat 9.0.0 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy...

5.8CVSS7AI score0.09386EPSS
Exploits0References20
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 6:35 a.m.12 views

Security Bulletin: Erlang OTP inets httpd Vulnerable to HTTP Request Smuggling via Duplicate Content-Length Headers

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

9.4CVSS7.1AI score0.00528EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/16 5:30 p.m.13 views

CLSA-2026-1778836031 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

5.3CVSS5.8AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2026/05/16 3:25 p.m.11 views

CLSA-2026-1778756991 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

5.3CVSS5.8AI score0.00321EPSS
Exploits1References1
Rows per page
Query Builder