CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...

HTTP Request Smuggling

OSV•added 2025/09/23 5:37 p.m.•1 views

GHSA-WCWH-7GFW-5WRR Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section

Summary http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to: - Bypass front-end servers security controls - Launch targeted attacks against active users - Poison web caches Pre-requisites for the exploitatio...

6.3CVSS6.1AI score0.00072EPSS

Exploits1References4

HTTP Request Smuggling

HTTP Request Smuggling

HTTP Request Smuggling

Snyk•added 2025/09/23 5:37 p.m.•1 views

HTTP Request Smuggling

Snyk•added 2025/09/23 5:37 p.m.•0 views

HTTP Request Smuggling

HTTP Request Smuggling

HTTP Request Smuggling

Snyk•added 2025/09/23 5:37 p.m.•1 views

HTTP Request Smuggling

HTTP Request Smuggling

Positive Technologies•added 2025/09/23 12:0 a.m.•4 views

PT-2025-39209

Name of the Vulnerable Software and Affected Versions Http4s versions 1.0.0-M1 through 1.0.0-M44 Http4s versions prior to 0.23.31 Description Http4s is susceptible to HTTP Request Smuggling because of incorrect handling of the HTTP trailer section. This can allow attackers to circumvent front-end...

6.3CVSS6.6AI score0.00072EPSS

Exploits1References10

CNVD•added 2025/09/12 12:0 a.m.•1 views

InstantCMS Code Issues Vulnerabilities

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

7.2CVSS6.4AI score0.00277EPSS

Exploits1References1

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2022-46302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for...

8.8CVSS8.6AI score0.003EPSS

Exploits0References2

Cvelist•added 2025/09/03 8:56 p.m.•9 views

CVE-2025-58056 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

6.3CVSS0.00097EPSS

Exploits1References7

Tenable Nessus•added 2025/09/02 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

5.3CVSS6.8AI score0.01865EPSS

Tenable Nessus•added 2025/08/30 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain...

7.4CVSS6.3AI score0.133EPSS