Lucene search

16582 matches found

RedHat Linux
added 2025/06/12 6:30 a.m. · 1 view

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

CVSS 9.1 · AI score 7.1 · EPSS 0.00682
Exploits 0 · References 8
Tenable Nessus
added 2025/06/12 12:00 a.m. · 3 views

RHEL 8 : grafana-pcp (RHSA-2025:8983)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:8983 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

CVSS 9.1 · AI score 7.2 · EPSS 0.00682
Exploits 0 · References 5
AlmaLinux
added 2025/06/11 12:00 a.m. · 4 views

Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...

CVSS 9.1 · AI score 7.3 · EPSS 0.00682
Exploits 0 · References 4
Tenable Nessus
added 2025/06/11 12:00 a.m. · 3 views

EulerOS 2.0 SP12 : golang (EulerOS-SA-2025-1586)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...

CVSS 9.1 · AI score 7 · EPSS 0.00682
Exploits 0 · References 2
Cvelist
added 2025/06/10 4:59 p.m. · 9 views

CVE-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6 · EPSS 0.00344
Exploits 0 · References 1
Vulnrichment
added 2025/06/10 4:59 p.m. · 6 views

CVE-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6 · AI score 7.1 · EPSS 0.00344
Exploits 0 · References 1
CVE
added 2025/06/10 4:59 p.m. · 63 views

CVE-2024-43706

Kibana has a vulnerability CVE-2024-43706 described as Improper authorization that enables privilege abuse through a direct HTTP request to a Synthetic monitor endpoint. Multiple sources summarize that affected versions include Kibana up to 8.12.0, with a fix released in 8.12.1 (ESA-2024-21). The...

CVSS 8.8 · AI score 7.5 · EPSS 0.00344
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/06/10 3:23 p.m. · 9 views

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

CVSS 6.5 · EPSS 0.00223
Exploits 0 · References 2
Vulnrichment
added 2025/06/10 3:23 p.m. · 4 views

CVE-2025-48879 OctoPrint Vulnerable to Denial of Service through malformed HTTP request

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

CVSS 6.5 · AI score 6.5 · EPSS 0.00223
Exploits 0 · References 2
Positive Technologies
added 2025/06/10 12:00 a.m. · 3 views

PT-2025-24819 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Elasticsearch Kibana, affected versions not specified. Description: The issue is related to improper authorization in Kibana, which can be exploited to abuse privileges. This can be achieved by sending a direct HTTP request to a Synthetic monit...

CVSS 8 · AI score 5.9 · EPSS 0.00344
Exploits 0 · References 8
Cvelist
added 2025/06/04 4:17 p.m. · 34 views

CVE-2025-20129 Cisco Customer Collaboration Platform Information Disclosure Vulnerability

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent...

CVSS 4.3 · EPSS 0.00302
Exploits 0 · References 1
Hacker One
added 2025/06/03 7:27 p.m. · 7 views

PortSwigger Web Security: DNS Rebinding SSRF in Burp Suite MCP Server Enables Internal Network Access via send_http1_request Tool

The Burp Suite MCP (Model Context Protocol) server was vulnerable to a DNS rebinding attack. This allowed malicious websites to connect to the victim's local MCP server, use the send_http1_request tool to make arbitrary HTTP requests, and access internal networks, localhost services, and cloud metada...

AI score 6.7
Exploits 0
IBM Security Bulletins
added 2025/06/03 5:37 a.m. · 9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn (CVE-2024-1135)

Summary: Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details: CVEID: CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...

CVSS 7.5 · AI score 5.7 · EPSS 0.02996
Exploits 0 · Affected Software 1
Citrix
added 2025/06/03 12:00 a.m. · 15 views

NetScaler-13.1-Warning "is_whitelisted_request - Dropping invalid http request" in ns.log

You may see a warning message like the one below in ns.log and would like to know why this log exists. Aug 12 16:50:25 X.X.X.X 08/12/2024:07:50:25 GMT XXX 0-PPE-2 : default SSLVPN Message 918225 0 :"is_whitelisted_request - Dropping invalid http request:|/v1|"...

CVSS 9.8 · AI score 7 · EPSS 0.99999
Exploits 48
GithubExploit
added 2025/06/01 2:09 p.m. · 1245 views

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE-2023-25690 - Proof of Concept. Published: 7 March 2023...

CVSS 9.8 · AI score 8.5 · EPSS 0.8377
Exploits 5
RedhatCVE
added 2025/05/31 12:47 p.m. · 14 views

CVE-2025-48045

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...

CVSS 8.7 · AI score 7.3 · EPSS 0.00572
Exploits 0 · References 1
IBM Security Bulletins
added 2025/05/29 3:54 p.m. · 21 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty may affect IBM Business Automation Workflow Case Configuration tool

Summary: IBM Business Automation Workflow Case configuration tool packages vulnerable versions of the Eclipse Jetty open source library. Vulnerability Details: CVEID: CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a fl...

CVSS 9.8 · AI score 6.9 · EPSS 0.7848
Exploits 2 · Affected Software 2
OSV
added 2025/05/29 1:33 p.m. · 3 views

SUSE-SU-2025:01504-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750) - CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32051: Fixed segmentation fault when parsing malformed dat...

CVSS 9 · AI score 7 · EPSS 0.00798
Exploits 1 · References 33
OpenVAS
added 2025/05/29 12:00 a.m. · 6 views

Ubuntu: Security Advisory (USN-7543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.1 · EPSS 0.00485
Exploits 1 · References 2
Positive Technologies
added 2025/05/28 12:00 a.m. · 5 views

PT-2025-23061 · Citrix · Citrix Netscaler

Name of the Vulnerable Software and Affected Versions: Citrix NetScaler, affected versions not specified. Description: The issue concerns HTTP Request Smuggling. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...

AI score 6.5
Exploits 0 · References 2