121686 matches found

EUVD
added 2026/03/27 6:31 p.m. | 5 views

EUVD-2026-16723

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

CVSS 9 | AI score 7.9 | EPSS 0.00773
Exploits 1 | References 6

Github Security Blog
added 2026/03/27 6:31 p.m. | 6 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

CVSS 9.1 | AI score 5.8 | EPSS 0.00706
Exploits 0 | References 6 | Affected Software 1

Github Security Blog
added 2026/03/27 6:31 p.m. | 7 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

CVSS 9.1 | AI score 5.9 | EPSS 0.00704
Exploits 0 | References 6 | Affected Software 1

Github Security Blog
added 2026/03/27 6:31 p.m. | 7 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

CVSS 9.1 | AI score 5.9 | EPSS 0.00677
Exploits 0 | References 6 | Affected Software 1

OSV
added 2026/03/27 6:31 p.m. | 3 views

GHSA-8V4X-MGVP-P658 Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00704
Exploits 0 | References 6

Snyk
added 2026/03/27 6:31 p.m. | 4 views

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect handling of white-spaces in HTTP request headers. An attacker can gain unauthorized access to restricted information or...

CVSS 9.1 | AI score 5.4 | EPSS 0.00677
Exploits 0 | References 2

Snyk
added 2026/03/27 6:31 p.m. | 6 views

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via the proxy server. An attacker can gain unauthorized access or manipulate web requests by sending specially crafted header block...

CVSS 9.1 | AI score 5.3 | EPSS 0.00706
Exploits 0 | References 2

Snyk
added 2026/03/27 6:31 p.m. | 7 views

HTTP Request Smuggling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending...

CVSS 9.1 | AI score 5.3 | EPSS 0.00704
Exploits 0 | References 2

EUVD
added 2026/03/27 6:31 p.m. | 5 views

EUVD-2026-16696

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

CVSS 8.7 | AI score 5.9 | EPSS 0.00704
Exploits 0 | References 3

EUVD
added 2026/03/27 6:31 p.m. | 16 views

EUVD-2026-16698

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

CVSS 8.7 | AI score 5.9 | EPSS 0.00677
Exploits 0 | References 3

EUVD
added 2026/03/27 6:31 p.m. | 4 views

EUVD-2026-16694

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00706
Exploits 0 | References 3

OSV
added 2026/03/27 6:31 p.m. | 3 views

GHSA-VQQJ-9CMV-HX43 Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

CVSS 8.7 | AI score 5.9 | EPSS 0.00677
Exploits 0 | References 6

OSV
added 2026/03/27 6:31 p.m. | 4 views

GHSA-3GV6-G396-9V4R Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00706
Exploits 0 | References 6

Vulnrichment
added 2026/03/27 6:23 p.m. | 3 views

CVE-2026-26061 Fleet's unbounded request body read allows remote Denial of Service

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 1

OSV
added 2026/03/27 6:23 p.m. | 4 views

CVE-2026-26061 Fleet's unbounded request body read allows remote Denial of Service

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 3

Cvelist
added 2026/03/27 6:23 p.m. | 25 views

CVE-2026-26061 Fleet's unbounded request body read allows remote Denial of Service

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

CVSS 8.7 | EPSS 0.00434
Exploits 0 | References 1

Github Security Blog
added 2026/03/27 6:17 p.m. | 17 views

Fleet's unbounded request body read allows remote Denial of Service

Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service DoS...

CVSS 8.7 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 3 | Affected Software 1

Snyk
added 2026/03/27 6:17 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

CVSS 8.7 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 2

Snyk
added 2026/03/27 6:17 p.m. | 0 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

CVSS 8.7 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 2

EUVD
added 2026/03/27 6:17 p.m. | 5 views

EUVD-2026-16744

Fleet's unbounded request body read allows remote Denial of Service...

CVSS 8.7 | AI score 5.9 | EPSS 0.00434
Exploits 0 | References 1