Lucene search
K

9 matches found

CVE
CVE
added 2026/06/22 2:55 p.m.51 views

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/18 4:5 p.m.51 views

CVE-2026-55203

HAProxy

9.1CVSS5.6AI score0.00321EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/17 8:17 p.m.11 views

CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS0.00439EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50539

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to 1.11.4 Description Tinyproxy fails to reject requests containing multiple Content-Length headers with differing values. The software forwards all duplicate headers to the backend but uses only the first value to...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/06/15 7:15 p.m.8 views

CVE-2026-52718

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS5.4AI score0.00307EPSS
Exploits0
OSV
OSV
added 2026/04/23 8:6 a.m.5 views

SUSE-SU-2026:21353-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

5.8CVSS5.2AI score0.00297EPSS
Exploits1References4
OSV
OSV
added 2026/04/23 8:5 a.m.4 views

SUSE-SU-2026:21390-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

5.8CVSS5.2AI score0.00297EPSS
Exploits1References4
OSV
OSV
added 2026/04/22 5:41 p.m.6 views

SUSE-SU-2026:21289-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

5.8CVSS5.3AI score0.00297EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 10:53 a.m.5 views

SUSE-SU-2026:21318-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

5.8CVSS5.3AI score0.00297EPSS
Exploits1References3
Rows per page
Query Builder