Vulnerabilities > Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-37276 HTTP Request Smuggling vulnerability in Aiohttp
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.
network
low complexity
aiohttp CWE-444
7.5
2023-07-06 CVE-2023-26137 HTTP Request Smuggling vulnerability in Drogon
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions.
network
low complexity
drogon CWE-444
6.1
2023-05-30 CVE-2023-33193 HTTP Request Smuggling vulnerability in Emby Emby.Releases
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices.
network
low complexity
emby CWE-444
critical
9.1
2023-04-11 CVE-2023-25950 HTTP Request Smuggling vulnerability in Haproxy
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request.
network
low complexity
haproxy CWE-444
7.3
2023-04-04 CVE-2023-27493 HTTP Request Smuggling vulnerability in Envoyproxy Envoy
Envoy is an open source edge and service proxy designed for cloud-native applications.
network
low complexity
envoyproxy CWE-444
critical
9.1
2023-04-04 CVE-2023-27491 HTTP Request Smuggling vulnerability in Envoyproxy Envoy
Envoy is an open source edge and service proxy designed for cloud-native applications.
network
low complexity
envoyproxy CWE-444
critical
9.1
2023-03-07 CVE-2023-27522 HTTP Request Smuggling vulnerability in multiple products
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit CWE-444
7.5
2023-01-20 CVE-2023-23691 HTTP Request Smuggling vulnerability in Dell products
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability.
network
low complexity
dell CWE-444
8.8
2023-01-17 CVE-2022-36760 HTTP Request Smuggling vulnerability in Apache Http Server
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
high complexity
apache CWE-444
critical
9.0
2023-01-13 CVE-2022-41721 HTTP Request Smuggling vulnerability in Golang H2C
A request smuggling attack is possible when using MaxBytesHandler.
network
low complexity
golang CWE-444
7.5