
6 matches found

Github Security Blog
added 2025/04/24 4:7 p.m. | 13 views

h11 accepts some malformed Chunked-Encoding bodies

Impact: A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details: HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...

9.1 CVSS | 7.1 AI score | 0.00242 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2024/12/04 4:58 p.m. | 22 views

MGASA-2024-0388 Updated python-aiohttp packages fix security vulnerabilities

When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'followsymlinks' is set to True,...

7.5 CVSS | 7.3 AI score | 0.93664 EPSS
Exploits 15 | References 4
OSV
added 2022/07/15 3:35 p.m. | 5 views

SUSE-SU-2022:2416-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...

8.1 CVSS | 7.2 AI score | 0.86472 EPSS
Exploits 3 | References 9
Hacker One
added 2020/12/21 4:29 p.m. | 30 views

Acronis: HTTP Request Smuggling on https://promosandbox.acronis.com

Summary: The website https://promosandbox.acronis.com is vulnerable to HTTP Request Smuggling which can be abused by an attacker to redirect all the users to a malicious website. A redirect can be forced by changing the Host request header using the path /sf but the website will redirect you to...

7.1 AI score
Exploits 0
OSV
added 2020/07/17 12:15 p.m. | 6 views

SUSE-SU-2020:1946-1 Security update for squid

This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455...

9.9 CVSS | 9.4 AI score | 0.15653 EPSS
Exploits 0 | References 3
Kitploit
added 2019/09/01 1:30 p.m. | 373 views

HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks

This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities and also aids exploitation by handling cumbersome offset-tweaking for you. Install: The...

7.6 AI score
Exploits 0 | References 2