Total
260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46589 | 1 Apache | 1 Tomcat | 2025-08-07 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. | |||||
| CVE-2025-53628 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 8.8 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629. | |||||
| CVE-2025-4366 | 1 Cloudflare | 1 Pingora | 2025-08-06 | N/A | 6.1 MEDIUM |
| A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff Impact: The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection. | |||||
| CVE-2024-10264 | 1 Youdao | 1 Qanything | 2025-08-01 | N/A | 9.8 CRITICAL |
| HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. | |||||
| CVE-2025-0752 | 1 Redhat | 1 Openshift Service Mesh | 2025-07-31 | N/A | 6.3 MEDIUM |
| A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy. | |||||
| CVE-2024-8912 | 1 Google | 1 Cloud Looker | 2025-07-30 | N/A | 7.5 HIGH |
| An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+ | |||||
| CVE-2024-32638 | 1 Apache | 1 Apisix | 2025-07-10 | N/A | 6.3 MEDIUM |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue. | |||||
| CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 5 Ubuntu Linux, Debian Linux, Netty and 2 more | 2025-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | |||||
| CVE-2022-39163 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 4.7 MEDIUM |
| IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks. | |||||
| CVE-2024-56523 | 1 Radware | 1 Cloud Waf | 2025-07-01 | N/A | 9.1 CRITICAL |
| Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method. | |||||
| CVE-2019-20444 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2025-07-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | |||||
| CVE-2024-24795 | 6 Apache, Apple, Broadcom and 3 more | 7 Http Server, Macos, Fabric Operating System and 4 more | 2025-06-30 | N/A | 6.3 MEDIUM |
| HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. | |||||
| CVE-2024-27439 | 1 Apache | 1 Wicket | 2025-06-27 | N/A | 6.5 MEDIUM |
| An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. | |||||
| CVE-2024-33452 | 1 Openresty | 1 Lua-nginx-module | 2025-06-23 | N/A | 7.7 HIGH |
| An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request. | |||||
| CVE-2024-21088 | 1 Oracle | 1 E-business Suite | 2025-06-20 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2023-52354 | 1 Blitiri | 1 Chasquid | 2025-06-17 | N/A | 7.5 HIGH |
| chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | |||||
| CVE-2024-12397 | 2025-06-10 | N/A | 7.4 HIGH | ||
| A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. | |||||
| CVE-2024-27185 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 9.1 CRITICAL |
| The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. | |||||
| CVE-2024-23452 | 1 Apache | 1 Brpc | 2025-06-04 | N/A | 7.5 HIGH |
| Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518 | |||||
| CVE-2025-41235 | 2025-05-30 | N/A | 8.6 HIGH | ||
| Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. | |||||