3632 matches found
CVE-2026-40560 Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...
CVE-2026-41873
UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...
CVE-2026-2708
CVE-2026-2708 affects the Libsoup HTTP/1 parser. The soup_message_headers_append_common() function unconditionally appends header values without validating for duplicate or conflicting Content-Length fields, enabling HTTP request smuggling via multiple Content-Length headers with differing values...
CVE-2026-2708
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...
Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance
Summary The libsoup package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-14523 Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...
ROS-20260420-73-0026
Vulnerability in python-aiohttp related to a flaw in http request handling. Exploitation of the vulnerability could allow a remote attacker to send a hidden http request http request smuggling attack...
OESA-2026-1970 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Inconsistent Interpretation of...
Exploit for CVE-2026-40175
CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...
HTTP Request Smuggling
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to HTTP Request Smuggling via the static...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary Multiple vulnerabilities were addressed in IBM Event Processing 1.5.0 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. Th...
Security Bulletin:Vulnerabilities in Netty affects IBM Netezza Appliance
Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58056, CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of...
HTTP Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 9.6.0, 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
HTTP Request Smuggling
Overview org.eclipse.jetty:jetty-http is an is a http module for jetty server. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HTTP/1.1 parser HttpParser.java. An attacker can inject additional HTTP requests with chunked transfer encoding with improperly terminat...
CVE-2026-2332
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...