10 matches found
CVE-2026-41417
Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...
SUSE CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
EUVD-2026-19603
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2025-41082
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
CVE-2025-41082
Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...
EUVD-2024-20834
Malicious code in bioql PyPI...
Ping Identity PingAccess Security Vulnerability
Ping Identity PingAccess is a centralized access security solution with a comprehensive policy engine from Ping Identity, Inc. It is used to provide secure access to applications and Api's up to the Url level and ensures that only authorized users can access the resources they need. A security...
Twisted 环境问题漏洞
Twisted is an event-driven open source web engine written in the Python language. Twisted suffers from an environmental issue vulnerability that stems from the fact that prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server was located in the Twisted. Web HTTP module, which parses several...