Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2023-52354 | HTTP Request Smuggling vulnerability in Blitiri Chasquid chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | 7.5 |
| 2024-01-08 | CVE-2023-51701 | HTTP Request Smuggling vulnerability in Fastify Reply-From fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. | 7.5 |
| 2024-01-08 | CVE-2024-21647 | HTTP Request Smuggling vulnerability in Puma Puma is a web server for Ruby/Rack applications built for parallelism. | 7.5 |
| 2023-12-12 | CVE-2023-49584 | HTTP Request Smuggling vulnerability in SAP Fiori Launchpad SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application. | 4.3 |
| 2023-11-28 | CVE-2023-46589 | HTTP Request Smuggling vulnerability in Apache Tomcat Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. | 7.5 |
| 2023-11-15 | CVE-2023-48365 | HTTP Request Smuggling vulnerability in Qlik Sense Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. | 9.9 |
| 2023-11-15 | CVE-2023-46121 | HTTP Request Smuggling vulnerability in Yt-Dlp Project Yt-Dlp yt-dlp is a youtube-dl fork with additional features and fixes. | 3.7 |
| 2023-11-14 | CVE-2023-47627 | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 7.5 |
| 2023-11-14 | CVE-2023-47641 | HTTP Request Smuggling vulnerability in Aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. | 6.5 |
| 2023-11-03 | CVE-2023-46846 | HTTP Request Smuggling vulnerability in multiple products SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 5.3 |