CVE-2025-29904
CVE-2025-29904 : JetBrains Ktor before 3.1.1 is vulnerable to HTTP Request Smuggling. The issue affects Ktor’s HTTP handling prior to 3.1.1. Remediation: upgrade to 3.1.1 or newer (per Nessus/Snyk analyses and vendor advisories).
CVE-2025-29904
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible...
IBM Control Center Input Validation Error Vulnerability (CNVD-2025-06654)
IBM Control Center is a centralized monitoring and management system from International Business Machines (IBM). An input validation error vulnerability exists in IBM Control Center versions 6.2.1 through 6.3.1, which stems from improper user input validation, and can be exploited by an attacker to...
PT-2025-11038
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 3.1.1 Description: The issue allows for HTTP Request Smuggling. Recommendations: For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue...
Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Netezza nz-linux-amd64 0.7.1
Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-29923 DESCRIPTION: Golang Go could allow a...
PT-2025-11679 · Openresty +1 · Lua-Nginx-Module +2
Name of the Vulnerable Software and Affected Versions: OpenResty/lua-nginx-module affected versions not specified Description: The issue concerns HTTP Request Smuggling in HEAD requests. When handling HTTP/1.1 requests, the lua-nginx-module incorrectly parses HEAD requests with a body, treating t...
Advisory ROSA-SA-2025-2767
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 packageevrstring: libsoup-2.62.3-7.rv30 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2764
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Medium: php8.2
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Linux Distros Unpatched Vulnerability : CVE-2024-53008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker ma...
Linux Distros Unpatched Vulnerability : CVE-2024-52530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a...
CVE-2025-1867
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in ithewei libhv allows HTTP Response Smuggling. This issue affects libhv: through 1.3.3...
Linux Distros Unpatched Vulnerability : CVE-2024-21647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer...
Linux Distros Unpatched Vulnerability : CVE-2023-38322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a dobinauth NULL pointer dereference that can be triggered with a crafted GET HTTP...
Linux Distros Unpatched Vulnerability : CVE-2024-27982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request...
Linux Distros Unpatched Vulnerability : CVE-2023-46846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall...
Linux Distros Unpatched Vulnerability : CVE-2023-40175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encodin...
Linux Distros Unpatched Vulnerability : CVE-2022-1705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined...
Linux Distros Unpatched Vulnerability : CVE-2023-30589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling...
Linux Distros Unpatched Vulnerability : CVE-2022-24801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in t...