Lucene search
K

3631 matches found

Cvelist
Cvelist
added 2026/05/13 6:12 p.m.40 views

CVE-2026-42585 Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS0.00248EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:12 p.m.6 views

CVE-2026-42585 Netty: HTTP Request Smuggling due to malformed Transfer-Encoding

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...

6.5CVSS5.8AI score0.00248EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 6:4 p.m.28 views

CVE-2026-42580

Netty vulnerability CVE-2026-42580: The chunk size parser in Netty before 4.2.13.Final and 4.1.133.Final silently overflows an int, enabling HTTP request smuggling. Affected: Netty versions prior to the fixed releases. Impact: potential request smuggling with LOW to MEDIUM described CVSS factors ...

6.5CVSS5.8AI score0.00364EPSS
Exploits1References1Affected Software1
Mageia
Mageia
added 2026/05/13 7:0 a.m.84 views

Updated perl-Gazelle packages fix security vulnerability

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40562...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 10:22 p.m.23 views

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

6.5CVSS0.00227EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: haproxy (UTSA-2026-017431)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017431 advisory. An integer overflow exists in HAProxy 2.0 through 2.5 in htxaddheader that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypa...

7.5CVSS6.1AI score0.57934EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.6 views

Fedora 43 : perl-Starman (2026-b94aad33a5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b94aad33a5 advisory. Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

7.5CVSS5.9AI score0.00487EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/05/07 11:53 a.m.7 views

Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: CVE-2026-2332: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques bsc1262115. CVE-2026-5795: Fixed JaspiAuthenticator broken access control...

9.1CVSS5.8AI score0.01127EPSS
Exploits1References8
OSV
OSV
added 2026/05/07 5:6 a.m.10 views

MGASA-2026-0120 Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.51 views

Updated perl-Starlet packages fix security vulnerability

Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40561...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 3:46 a.m.6 views

EUVD-2026-26712

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate Content-Length header...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References5
OSV
OSV
added 2026/05/07 12:22 a.m.10 views

GHSA-38F8-5428-X5CV Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding

Summary Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. Details Netty incorrectly marks a request as chunked when malformed "Transfer-Encoding: chunked, identity" is present. According to RFC...

6.5CVSS6AI score0.00248EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/07 12:18 a.m.15 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HttpObjectDecoder component. An attacker can manipulate...

9.8CVSS5.8AI score0.00515EPSS
Exploits1References2
OSV
OSV
added 2026/05/07 12:13 a.m.8 views

GHSA-M4CV-J2PX-7723 Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:13 a.m.17 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling via the getChunkSize function. An attacker can inject unauthorized HT...

7.3CVSS5.8AI score0.00364EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/07 12:13 a.m.10 views

Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing

Summary Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details io.netty.handler.codec.http.HttpObjectDecodergetChunkSize silently overflows int. The size is accumulated as follows: result = 16; result += digit; The result is checked only for negative values...

6.5CVSS5.9AI score0.00364EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/06 8:52 p.m.52 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS0.00307EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/06 8:52 p.m.8 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/06 5:58 p.m.14 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.0064EPSS
Exploits1References8
OSV
OSV
added 2026/05/06 12:8 p.m.5 views

SUSE-SU-2026:1714-1 Security update for erlang

This update for erlang fixes the following issues: - CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. - CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. - CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. - CVE-2026-2394...

9.8CVSS7.2AI score0.00644EPSS
Exploits0References11
Rows per page
Query Builder