Total
264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11915 | 2025-10-22 | N/A | N/A | ||
| Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action. | |||||
| CVE-2022-25763 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2025-10-20 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2025-59822 | 1 Typelevel | 1 Http4s | 2025-10-08 | N/A | 7.5 HIGH |
| Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls, launch targeted attacks against active users, and poison web caches. A pre-requisite for exploitation involves the web application being deployed behind a reverse-proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31. | |||||
| CVE-2025-29904 | 1 Jetbrains | 1 Ktor | 2025-10-02 | N/A | 5.3 MEDIUM |
| In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible | |||||
| CVE-2025-4600 | 1 Google | 1 Application Load Balancer | 2025-09-26 | N/A | 7.5 HIGH |
| A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable. | |||||
| CVE-2025-6999 | 2025-09-16 | N/A | N/A | ||
| An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0 through 12.11.2. | |||||
| CVE-2025-56266 | 1 Avigilon | 1 Access Control Manager | 2025-09-12 | N/A | 9.8 CRITICAL |
| A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. | |||||
| CVE-2025-52892 | 1 Espocrm | 1 Espocrm | 2025-09-11 | N/A | 4.5 MEDIUM |
| EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes (e.g https://domain//#Admin) and the webserver does not strip the double slash, it can cause a corrupted Slim router's cache. This will make the instance unusable until there is a completed rebuild. This is fixed in version 9.1.7. | |||||
| CVE-2025-49005 | 1 Vercel | 2 Next.js, Vercel | 2025-09-10 | N/A | 3.7 LOW |
| Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payload instead under certain conditions. When deployed to Vercel, this would only impact the browser cache, and would not lead to the CDN being poisoned. When self-hosted and deployed externally, this could lead to cache poisoning if the CDN does not properly distinguish between RSC / HTML in the cache keys. This issue has been resolved in Next.js 15.3.3. | |||||
| CVE-2024-34350 | 1 Vercel | 1 Next.js | 2025-09-10 | N/A | 7.5 HIGH |
| Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer. | |||||
| CVE-2025-49826 | 1 Vercel | 1 Next.js | 2025-09-10 | N/A | 7.5 HIGH |
| Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8. | |||||
| CVE-2025-58056 | 1 Netty | 1 Netty | 2025-09-08 | N/A | 7.5 HIGH |
| Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final. | |||||
| CVE-2024-44775 | 1 Davidepianca98 | 1 Kmqtt | 2025-09-04 | N/A | 7.5 HIGH |
| An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service(DoS) via a crafted request. | |||||
| CVE-2025-54142 | 2025-08-29 | N/A | 4.0 MEDIUM | ||
| Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards. | |||||
| CVE-2025-6442 | 1 Ruby-lang | 1 Webrick | 2025-08-18 | N/A | 5.9 MEDIUM |
| Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876. | |||||
| CVE-2025-53643 | 1 Aiohttp | 1 Aiohttp | 2025-08-14 | N/A | 7.5 HIGH |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. | |||||
| CVE-2025-32094 | 2025-08-07 | N/A | 4.0 MEDIUM | ||
| An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body. | |||||
| CVE-2023-46589 | 1 Apache | 1 Tomcat | 2025-08-07 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | |||||
| CVE-2025-53628 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 8.8 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629. | |||||
| CVE-2025-4366 | 1 Cloudflare | 1 Pingora | 2025-08-06 | N/A | 6.1 MEDIUM |
| A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection. | |||||