Lucene search
K

7355 matches found

CVE
CVE
added 2026/06/17 8:43 p.m.30 views

CVE-2026-48979

The CVE concerns PHP PSL versions 6.1.0, 6.1.1, and 6.2.0 where Psl\H2\ServerConnection fails to validate that the DATA frame length matches the content-length declared in the HEADERS frame, enabling HTTP request smuggling. This affects clients using Psl\H2\ServerConnection directly to process un...

7.5CVSS5.3AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 7:48 p.m.39 views

CVE-2026-54387

CVE-2026-54387 affects Tinyproxy up to version 1.11.3. It fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to consume the request body. This desynchronizes frontend/backend parsers and can enab...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 7:48 p.m.24 views

CVE-2026-54387 Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS0.00439EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50544

Name of the Vulnerable Software and Affected Versions PHP Standard Library PSL versions 6.1.0 through 6.1.1 PHP Standard Library PSL version 6.2.0 Description The PslH2ServerConnection function does not validate that the total bytes received in DATA frames match the content-length header declared...

7.5CVSS5.9AI score0.00267EPSS
Exploits0References10
Veracode
Veracode
added 2026/06/16 6:38 p.m.10 views

HTTP Request Smuggling

Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...

5.3CVSS5.2AI score0.00232EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/16 5:36 p.m.6 views

HTTP Request Smuggling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to HTTP Request Smuggling via improper validation of the Host header in the request scope. An attacker can gain unauthorized access to API endpoints by...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:22 p.m.36 views

HTTP Request Smuggling

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to HTTP Request Smuggling through the QuerystringParser function. An attacker can bypass upstream validation and inject or override form fields by crafting specially formatted...

6.3CVSS5.4AI score0.00176EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : libsoup (SUSE-SU-2026:2314-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2314-1 advisory. This update for libsoup fixes the following issues - CVE-2026-1801: HTTP Request Smuggling in...

7.5CVSS5.7AI score0.00829EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:2 p.m.13 views

Security Bulletin: Security Vulnerability in Spring Cloud Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Cloud Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444:...

8.6CVSS7.9AI score0.0029EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/12 4:39 p.m.7 views

HTTP Request Smuggling

Overview io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in HttpObjectDecoder.java, which skips whitespace as well as bytes...

6.9CVSS5.4AI score0.00232EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 3:8 p.m.14 views

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.3CVSS5.5AI score0.00192EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 3:8 p.m.10 views

GHSA-4PX2-PW77-VC85 SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.5AI score0.00192EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 3:7 p.m.13 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.7AI score0.00044EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/12 12:26 p.m.8 views

OESA-2026-2666 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accep...

8.2CVSS6.9AI score0.00821EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48922

Name of the Vulnerable Software and Affected Versions swift-nio-http2 versions prior to 1.44.0 Description The HTTP/2-to-HTTP/1.1 codec, specifically HTTP2FramePayloadToHTTP1ServerCodec and HTTP2ToHTTP1ServerCodec, fails to validate pseudo-header values for control characters before translating...

5.3CVSS6AI score0.00192EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48923

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.13 views

SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec

swift-nio-http2's HTTP/2-to-HTTP/1.1 codec HTTP2FramePayloadToHTTP1ServerCodec / HTTP2ToHTTP1ServerCodec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request containing CR \r, LF \n, o...

5.3CVSS5.4AI score0.00192EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.14 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.6AI score0.00044EPSS
Exploits0References3Affected Software1
Atlassian
Atlassian
added 2026/06/11 5:31 p.m.8 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...

9.8CVSS5.4AI score0.00607EPSS
Exploits1
Atlassian
Atlassian
added 2026/06/11 5:31 p.m.11 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...

9.1CVSS5.4AI score0.0075EPSS
Exploits1
Rows per page
Query Builder