Lucene search
K

3632 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/06 2:51 a.m.11 views

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS6AI score0.00467EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/06 2:51 a.m.37 views

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

9.3CVSS0.00467EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0811-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0811-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...

5.8CVSS6.1AI score0.00423EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.3 views

SUSE SLES12 Security Update : libsoup (SUSE-SU-2026:0796-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0796-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy...

5.8CVSS6.1AI score0.00423EPSS
Exploits1References10
EUVD
EUVD
added 2026/03/05 8:55 p.m.12 views

EUVD-2026-9510

Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade...

9.3CVSS5.9AI score0.00666EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 8:0 p.m.2 views

SUSE-SU-2026:0834-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-32049: denial of service attack to websocket server bsc1240751. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy authentication credentials leaked via...

9.1CVSS6AI score0.00821EPSS
Exploits2References15
SUSE Linux
SUSE Linux
added 2026/03/05 7:55 p.m.7 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

8.8CVSS5.8AI score0.00423EPSS
Exploits1References12
OSV
OSV
added 2026/03/05 12:31 a.m.8 views

GHSA-262P-VJX5-45XH Duplicate Advisory: HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hj7x-879w-vrp7. This link is maintained to preserve external references. Original Description An HTTP Request Smuggling vulnerability CWE-444 has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding...

9.3CVSS5.9AI score0.00707EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.12 views

Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2026:0788-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0788-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...

5.8CVSS6.1AI score0.00423EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.14 views

Alibaba Cloud Linux 3 : 0043: php:7.4 (ALINUX3-SA-2026:0043)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0043 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-11233: In PHP versions 8.1. befor...

9.8CVSS6.2AI score0.02286EPSS
Exploits10References14
Vulnrichment
Vulnrichment
added 2026/03/04 11:20 p.m.4 views

CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...

9.3CVSS5.7AI score0.00666EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 11:20 p.m.34 views

CVE-2026-2833

CVE-2026-2833 / Pingora HTTP request smuggling via premature Upgrade . Affected product: Pingora proxy in standalone deployments. Vulnerability: HTTP/1.1 upgrade handling allows forwarding the bytes after an Upgrade header to the backend before the backend accepts the upgrade (CWE-444), potential...

9.3CVSS5.9AI score0.00666EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/04 11:20 p.m.5 views

CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...

9.3CVSS6.7AI score0.00666EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/04 11:20 p.m.41 views

CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...

9.3CVSS0.00666EPSS
Exploits0References1
OSV
OSV
added 2026/03/04 12:0 p.m.6 views

RUSTSEC-2026-0033 HTTP Request Smuggling via Premature Upgrade

Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This vulnerabilit...

9.3CVSS6AI score0.00666EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/04 9:33 a.m.6 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

8.8CVSS5.9AI score0.00423EPSS
Exploits1References12
NVD
NVD
added 2026/02/23 9:17 a.m.15 views

CVE-2026-26365

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing pat...

4CVSS0.00177EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/22 6:54 p.m.171 views

exploit-notes

🎯 Pentest Playbook Index Welcome to the comprehensive penetra...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.6 views

CVE-2025-12811

Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...

6.9CVSS5.5AI score0.00329EPSS
Exploits0References1
Rows per page
Query Builder