3355 matches found
CVE-2026-2332
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
CVE-2026-2332
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
UBUNTU-CVE-2026-2332
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
CVE-2026-2332
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty terminates chunk extension parsing...
CVE-2026-2332
In the provided records, CVE-2026-2332 is a Jetty HTTP/1.1 parser vulnerability allowing request smuggling via chunked extension quoted-strings. The issue arises when chunk extensions are parsed and a CRLF occurs inside quotes, enabling a smuggled request across requests on a single connection. D...
Medium: rust
Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...
EUVD-2026-22126
jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...
CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
EUVD-2026-22039
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
CVE-2026-32316
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...
nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...
OpenClaw 信息泄露漏洞
OpenClaw is an intelligent artificial assistant developed under the OpenClaw open source project. OpenClaw has a vulnerability related to information leakage, which stems from the exposure of sensitive data through authorized URL query strings, potentially leading to credential leaks...
CVE-2026-34942
A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows a malicious guest to trigger a host panic by improperly verifying the alignment of reallocated strings during transcoding. By transferring specific strings across components, an attacker can exploit this to cause a...
Wasmtime has out-of-bounds write or crash when transcoding component model strings
Impact Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest component's realloc is not validated before the host attempts to write through the pointer. This enables a guest to cause the host to write arbitrary transcoded string bytes...
Wasmtime: Panic when transcoding misaligned utf-16 strings
Impact Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be passed to the host for transcoding which would trigger a host panic. This panic ...