3631 matches found
Astra Linux – Vulnerability in http-parser
Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 allow for two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...
Astra Linux – Vulnerability in Gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in tomcat-embed-core [CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990, CVE-2026-34483, CVE-2026-34487, CVE-2026-3450]
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple issues in tomcat-embed-core CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990, CVE-2026-34483, CVE-2026-34487, CVE-2026-3450. Tomcat-embed-core is used in our speech microservices...
CVE-2026-54387 Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...
HTTP Request Smuggling
Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to HTTP Request Smuggling through the QuerystringParser function. An attacker can bypass upstream validation and inject or override form fields by crafting specially formatted...
SUSE SLED15 / SLES15 Security Update : libsoup (SUSE-SU-2026:2314-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2314-1 advisory. This update for libsoup fixes the following issues - CVE-2026-1801: HTTP Request Smuggling in...
CVE-2026-6338
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
CVE-2026-6338 HTTP request smuggling in Kong Enteprise Gateway
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic...
CVE-2026-6338
Kong Gateway Enterprise versions 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 are affected by a HTTP request smuggling and desynchronization vulnerability caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic. The issue can enable network‑level abus...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netty vulnerabilities (USN-8401-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8401-1 advisory. It was discovered that Netty's HTTP proxy handler did not properly validate heade...
EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...
EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2251)
According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerabilit...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2026-1002
Summary Vert.x is used by the IBM Datapower Operations Dashboard as part of their network implementation Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using...
Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1778)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1778 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...
HTTP Request Smuggling
Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to HTTP Request Smuggling via multipart reque...
CVE-2026-41873
UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...