Lucene search
K

3632 matches found

cvelist
cvelist
added 2026/04/28 11:46 p.m.68 views

CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

0.00487EPSS
Exploits0References3
nvd
nvd
added 2026/04/28 4:16 p.m.7 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS0.00444EPSS
Exploits0References2
snyk
snyk
added 2026/04/25 6:30 p.m.9 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...

6.9CVSS5.8AI score0.00315EPSS
Exploits0References2
cve
cve
added 2026/04/23 9:51 p.m.41 views

CVE-2026-2708

CVE-2026-2708 affects the Libsoup HTTP/1 parser. The soup_message_headers_append_common() function unconditionally appends header values without validating for duplicate or conflicting Content-Length fields, enabling HTTP request smuggling via multiple Content-Length headers with differing values...

5.3CVSS5.7AI score0.00321EPSS
Exploits1References4Affected Software2
debiancve
debiancve
added 2026/04/23 9:51 p.m.9 views

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

5.3CVSS5.2AI score0.00321EPSS
Exploits1
ibm
ibm
added 2026/04/23 11:3 a.m.11 views

Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance

Summary The libsoup package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-14523 Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...

8.2CVSS5.8AI score0.00505EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/04/21 1:59 p.m.33 views

CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS0.00177EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/21 1:59 p.m.5 views

CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00177EPSS
Exploits0References1
packetstorm
packetstorm
added 2026/04/21 12:0 a.m.144 views

📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling

This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...

9.9CVSS5.8AI score0.65838EPSS
Exploits5
redos
redos
added 2026/04/20 12:0 a.m.8 views

ROS-20260420-73-0026

Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...

6.9CVSS6.4AI score0.00236EPSS
Exploits0
osv
osv
added 2026/04/17 1:2 p.m.13 views

OESA-2026-1970 tomcat security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Inconsistent Interpretation of...

9.1CVSS5.7AI score0.21691EPSS
Exploits8References11
githubexploit
githubexploit
added 2026/04/17 2:46 a.m.114 views

Exploit for CVE-2026-40175

CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...

10CVSS5.8AI score0.01815EPSS
Exploits5
snyk
snyk
added 2026/04/17 12:0 a.m.10 views

HTTP Request Smuggling

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to HTTP Request Smuggling via the static...

5.9CVSS5.7AI score0.00236EPSS
Exploits0References2
ibm
ibm
added 2026/04/16 12:12 p.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing 1.5.0 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. Th...

9.2CVSS5.9AI score0.025EPSS
Exploits3Affected Software1
ibm
ibm
added 2026/04/15 10:37 a.m.3 views

Security Bulletin:Vulnerabilities in Netty affects IBM Netezza Appliance

Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58056, CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of...

7.5CVSS6.7AI score0.00631EPSS
Exploits2Affected Software1
atlassian
atlassian
added 2026/04/14 10:29 p.m.24 views

HTTP Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...

7.5CVSS5.7AI score0.00453EPSS
Exploits0
snyk
snyk
added 2026/04/14 12:12 p.m.5 views

HTTP Request Smuggling

Overview org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HTTP/1.1 parser HttpParser.java. An attacker can inject additional HTTP requests with chunked transfer encoding with improperly terminat...

9.1CVSS5.7AI score0.01127EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/04/14 10:59 a.m.6 views

CVE-2026-2332

In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...

7.4CVSS5.8AI score0.01127EPSS
Exploits1References3Affected Software1
redhat
redhat
added 2026/04/14 7:23 a.m.7 views

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.9AI score0.26356EPSS
Exploits2References10
redhat
redhat
added 2026/04/14 7:23 a.m.19 views

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS7AI score0.00493EPSS
Exploits0References9
Rows per page
Query Builder