Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2025-03-26 | CVE-2022-39163 | | IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks. | network; high complexity; CWE-444; 4.7 |
| 2025-03-21 | CVE-2025-30346 | HTTP Request Smuggling vulnerability in multiple products | Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. | 4.8 |
| 2025-01-28 | CVE-2025-0752 | | A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. | network; low complexity; CWE-444; 6.3 |
| 2024-11-25 | CVE-2024-9666 | | A vulnerability was found in the Keycloak Server. | local; high complexity; CWE-444; 4.7 |
| 2024-10-08 | CVE-2024-9622 | | A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. | network; low complexity; CWE-444; 5.3 |
| 2024-09-19 | CVE-2024-45614 | HTTP Request Smuggling vulnerability in Puma | Puma is a Ruby/Rack web server built for parallelism. | network; high complexity; puma CWE-444; 5.4 |
| 2024-09-08 | CVE-2024-42342 | HTTP Request Smuggling vulnerability in Loway Queuemetrics 22.11.6/23.09/24.05 | Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | network; low complexity; loway CWE-444; 4.3 |
| 2024-06-10 | CVE-2024-22279 | HTTP Request Smuggling vulnerability in Cloudfoundry Cf-Deployment and Routing Release | Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale. | network; low complexity; cloudfoundry CWE-444; 7.5 |
| 2024-06-04 | CVE-2024-23326 | HTTP Request Smuggling vulnerability in Envoyproxy Envoy | Envoy is a cloud-native, open source edge and service proxy. | network; low complexity; envoyproxy CWE-444; 8.2 |
| 2024-01-22 | CVE-2023-52354 | HTTP Request Smuggling vulnerability in Blitiri Chasquid | chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | network; low complexity; blitiri CWE-444; 7.5 |