Lucene search
K

121693 matches found

OSV
OSV
added 2026/03/27 5:16 p.m.5 views

UBUNTU-CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.7AI score0.00706EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.5 views

CVE-2026-27663

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10, RTUM85 RTU Base All versions V26.10. The affected application contains denial-of-service DoS vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjecte...

7.1CVSS5.8AI score0.00269EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 5:5 p.m.2 views

CVE-2026-4964

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...

6.5CVSS6.3AI score0.00327EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/27 5:5 p.m.29 views

CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...

6.5CVSS0.00327EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/03/27 4:13 p.m.4 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.4AI score0.00706EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/27 4:13 p.m.4 views

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS5.5AI score0.00677EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/27 4:13 p.m.45 views

CVE-2026-28369 Undertow: undertow: request smuggling via malformed http request headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

8.7CVSS0.00677EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/27 4:13 p.m.23 views

CVE-2026-28367 Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS0.00706EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 4:13 p.m.3 views

CVE-2026-28367 Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 4:13 p.m.3 views

CVE-2026-28369 Undertow: undertow: request smuggling via malformed http request headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

8.7CVSS5.9AI score0.00677EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.4 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.1 views

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

8.7CVSS5.9AI score0.00677EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 4:13 p.m.85 views

CVE-2026-28369

Undertow contains a vulnerability where the first HTTP header line with leading spaces is stripped, violating HTTP standards and enabling request smuggling. Affected component: Undertow HTTP header parsing. Root cause: improper handling that trims leading spaces on the initial header line. Impact...

9.1CVSS5.9AI score0.00677EPSS
Exploits0References4Affected Software10
CVE
CVE
added 2026/03/27 4:13 p.m.60 views

CVE-2026-28367

Undertow contains a flaw that allows HTTP request smuggling by sending a header terminator of \r\r\r. A remote attacker could exploit this against certain proxies (e.g., older Apache Traffic Server, Google Cloud Classic Application Load Balancer) to cause unauthorized access or manipulation of we...

9.1CVSS5.8AI score0.00706EPSS
Exploits0References4Affected Software9
Debian CVE
Debian CVE
added 2026/03/27 4:13 p.m.3 views

CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

9.1CVSS5.4AI score0.00704EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/27 4:13 p.m.25 views

CVE-2026-28368 Undertow: undertow: request smuggling via inconsistent header parsing

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

8.7CVSS0.00704EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 4:13 p.m.5 views

CVE-2026-28368 Undertow: undertow: request smuggling via inconsistent header parsing

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

8.7CVSS5.9AI score0.00704EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.5 views

CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

8.7CVSS5.9AI score0.00704EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 4:13 p.m.36 views

CVE-2026-28368

A vulnerability (CVE-2026-28368) affects Undertow and involves a discrepancy in header parsing between Undertow and upstream proxies, enabling HTTP request smuggling. Reported across multiple sources (NVD, Debian/Ubuntu OSV, Circl, GitHub advisories, and Nessus plugin) with confirmed references t...

9.1CVSS5.9AI score0.00704EPSS
Exploits0References4Affected Software10
Cvelist
Cvelist
added 2026/03/27 4:9 p.m.21 views

CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

9CVSS0.00773EPSS
Exploits1References5
Rows per page
Query Builder