Lucene search
K

3631 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.22 views

PT-2026-37626

Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References10
Snyk
Snyk
added 2026/05/05 6:27 p.m.6 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the setUri function. An attacker can inject arbitrary CRLF sequenc...

6.5CVSS5.9AI score0.00307EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:20 p.m.15 views

Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and Lodash. Vulnerabilities include Improper Input Validation vulnerability in Apache Tomcat, Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apach...

9.1CVSS7.3AI score0.00715EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/03 1:15 a.m.9 views

DEBIAN-CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/03 12:57 a.m.8 views

CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.3CVSS5.8AI score0.00378EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes Content-Length over...

5.3CVSS5.4AI score0.00378EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 9:16 p.m.18 views

CVE-2026-39805

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS0.00518EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/01 8:34 p.m.40 views

CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS0.00518EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/01 8:34 p.m.7 views

CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References4
OSV
OSV
added 2026/05/01 8:34 p.m.31 views

EEF-CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Summary Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 8:34 p.m.30 views

CVE-2026-39805

CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.10 views

PT-2026-36541

Name of the Vulnerable Software and Affected Versions bandit versions prior to 1.11.0 Description Inconsistent interpretation of HTTP requests allows HTTP request smuggling via duplicate Content-Length headers. The function get content length in Elixir.Bandit.Headers uses List.keyfind/3, which on...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.13 views

Atlassian Bamboo 9.6.x < 9.6.25 / 10.x < 10.2.18 / 11.x < 12.1.6 Multiple Vulnerabilities

The version of Atlassian Bamboo installed on the remote host is 9.6.x prior to 9.6.25, 10.x prior to 10.2.18, or 11.x prior to 12.1.6. It is, therefore, affected by multiple vulnerabilities: - An OS command injection vulnerability allows an authenticated attacker to execute commands on the remote...

9.4CVSS7.2AI score0.02591EPSS
Exploits2References8
Amazon
Amazon
added 2026/04/30 12:0 a.m.10 views

Medium: tomcat

Issue Overview: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0...

9.1CVSS5.7AI score0.03494EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/04/29 12:11 p.m.6 views

CVE-2026-40560

A flaw was found in Starman. Starman versions before 0.4018 for Perl incorrectly prioritize the "Content-Length" header over "Transfer-Encoding: chunked" when both are present in an HTTP request, violating RFC 7230 3.3.3. A remote attacker could exploit this improper header precedence to perform...

7.5CVSS5.3AI score0.00487EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/29 8:9 a.m.4 views

Libsoup: libsoup: http request smuggling via duplicate content-length headers

...

5.3CVSS5.8AI score0.00321EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/04/29 12:0 a.m.9 views

CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...

7.5CVSS6AI score0.00487EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 11:46 p.m.68 views

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

0.00487EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/28 11:46 p.m.4 views

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

5.2AI score0.00487EPSS
Exploits0References3
Rows per page
Query Builder