HTTP Request Smuggling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to HTTP Request Smuggling in the processHeader while handling HTTP/1.1 requests containing duplicate Content-Length headers with differing casing. An attacker can bypass...

HTTP Request Smuggling

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to HTTP Request Smuggling in the processHeader while handling HTTP/1.1 requests containing duplicate Content-Length headers with differing casing. An attacke...

CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

CVE-2026-26794

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...

PT-2026-25080

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

PT-2026-25069

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

CVE-2026-25819

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

CVE-2025-66178

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

SUSE SLES15 Security Update : libsoup (SUSE-SU-2026:0833-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0833-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy...

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

CVE-2026-28497

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

Medium: ecs-init

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

SUSE SLES12 Security Update : libsoup (SUSE-SU-2026:0796-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0796-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup2 (SUSE-SU-2026:0811-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0811-1 advisory. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests...

EUVD-2026-9510

Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade...

SUSE-SU-2026:0834-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-32049: denial of service attack to websocket server bsc1240751. - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. - CVE-2026-1539: proxy authentication credentials leaked via...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests bsc1257398. CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects bsc1257441...

CVE-2026-1605

A flaw was found in org.eclipse.jetty. A remote attacker can exploit this vulnerability by sending a compressed HTTP request with Content-Encoding: gzip when the server's response is not compressed. This prevents the release of the JDK Inflater, leading to a resource leak. This resource exhaustio...

CVE-2026-1605

In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed. This happens because the JDK Inflater is allocated for decompressing t...