Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-26137 HTTP Request Smuggling vulnerability in Drogon
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions.
network
low complexity
drogon CWE-444
6.1
2023-05-30 CVE-2023-33193 HTTP Request Smuggling vulnerability in Emby Emby.Releases
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices.
network
low complexity
emby CWE-444
critical
9.1
2023-04-11 CVE-2023-25950 HTTP Request Smuggling vulnerability in Haproxy
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request.
network
low complexity
haproxy CWE-444
7.3
2023-04-04 CVE-2023-27493 HTTP Request Smuggling vulnerability in Envoyproxy Envoy
Envoy is an open source edge and service proxy designed for cloud-native applications.
network
low complexity
envoyproxy CWE-444
critical
9.1
2023-04-04 CVE-2023-27491 HTTP Request Smuggling vulnerability in Envoyproxy Envoy
Envoy is an open source edge and service proxy designed for cloud-native applications.
network
low complexity
envoyproxy CWE-444
critical
9.1
2023-01-20 CVE-2023-23691 HTTP Request Smuggling vulnerability in Dell products
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability.
network
low complexity
dell CWE-444
8.8
2023-01-13 CVE-2022-41721 HTTP Request Smuggling vulnerability in Golang H2C
A request smuggling attack is possible when using MaxBytesHandler.
network
low complexity
golang CWE-444
7.5
2022-12-05 CVE-2022-35256 HTTP Request Smuggling vulnerability in multiple products
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF.
network
low complexity
nodejs llhttp siemens debian CWE-444
6.5
2022-11-23 CVE-2022-38114 HTTP Request Smuggling vulnerability in Solarwinds Security Event Manager
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests.
network
low complexity
solarwinds CWE-444
6.1
2022-11-09 CVE-2022-45059 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1.
7.5