HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive informa
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large fi
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user ch
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is assoc
An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, c
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via th
An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3.
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is s
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsi
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cro
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, For
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specia
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing traile
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.
Successful exploitation may allow an
Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Page 1+ Next →