CWE-444

Total CVEs: 84
Critical: 27
High: 35
Avg CVSS: 7.7

Yearly Trend

2026: 11
2025: 22
2024: 15
2023: 12
2022: 14

Top Affected Vendors

1. Apache: 8
2. Debian: 7
3. Fedora Project: 6
4. HAProxy: 3
5. AIOHTTP: 3
6. Oracle: 3
7. SAP: 3
8. Mitmproxy: 2
9. TP-Link: 2
10. Varnish Software: 2

All CWE-444 CVEs (84)

CVE-2021-43669
7.5

This vulnerability in Hyperledger Fabric allows attackers to crash orderer nodes by sending specially crafted messages with invalid headers. It affect...

Nov 18, 2021
CVE-2021-41732
7.5

CVE-2021-41732 is an HTTP request splitting vulnerability in Zeek 4.1.0 that allows attackers to manipulate HTTP traffic analysis by injecting malicio...

Sep 29, 2021
CVE-2021-33056
7.5

CVE-2021-33056 is a denial-of-service vulnerability in Belledonne Belle-sip SIP stack where an invalid From header in a SIP message can cause a crash....

Aug 12, 2021
CVE-2021-27577
7.5

Apache Traffic Server incorrectly handles URL fragments, allowing attackers to poison the cache by manipulating fragment identifiers. This affects Apa...

Jun 29, 2021
CVE-2021-31922
7.5

CVE-2021-31922 is an HTTP request smuggling vulnerability in Pulse Secure Virtual Traffic Manager that allows attackers to bypass security controls by...

May 14, 2021
CVE-2024-12397
7.4

A parsing vulnerability in Quarkus-HTTP allows attackers to manipulate cookie values containing specific delimiter characters. This can lead to exfilt...

Dec 12, 2024
CVE-2023-4639
7.4

This vulnerability in Undertow allows attackers to manipulate cookie parsing to exfiltrate HttpOnly cookie values or inject arbitrary cookies. This ca...

Nov 17, 2024
CVE-2023-40175
7.3

This CVE describes an HTTP request smuggling vulnerability in Puma web server that allows attackers to bypass security controls by sending specially c...

Aug 18, 2023
CVE-2023-25950
7.3

This HTTP request smuggling vulnerability in HAProxy allows attackers to manipulate legitimate user requests by exploiting improper request/response h...

Apr 11, 2023
CVE-2022-31081
7.3

CVE-2022-31081 is an HTTP request smuggling vulnerability in HTTP::Daemon Perl library versions before 6.15. It allows attackers to bypass security co...

Jun 27, 2022
CVE-2021-42791
7.3

This vulnerability in VeridiumID VeridiumAD 2.5.3.0 allows any authenticated user to trigger push notifications for any other user and modify the noti...

Jan 28, 2022
CVE-2023-40225
7.2

HAProxy versions through multiple branches forward empty Content-Length headers, violating HTTP standards. This can cause HTTP/1 servers behind HAProx...

Aug 10, 2023
CVE-2025-69224
6.5

CVE-2025-69224 is a request smuggling vulnerability in AIOHTTP's Python HTTP parser that occurs when non-ASCII characters are present in requests. Thi...

Jan 5, 2026
CVE-2024-27982
6.5

This vulnerability in Node.js HTTP server allows HTTP request smuggling when a space precedes the Content-Length header. Attackers can inject a second...

May 7, 2024
CVE-2024-32638
6.3

This CVE describes an HTTP request smuggling vulnerability in Apache APISIX when using the forward-auth plugin. Attackers can exploit inconsistent HTT...

May 2, 2024
CVE-2025-55018
5.8

This HTTP request smuggling vulnerability in Fortinet FortiOS allows unauthenticated attackers to bypass firewall policies by sending specially crafte...

Feb 10, 2026
CVE-2025-30346
5.4

This vulnerability allows attackers to perform client-side desync attacks via HTTP/1 requests against Varnish Cache and Varnish Enterprise. Attackers ...

Mar 21, 2025
CVE-2026-1801
5.3

This HTTP Request Smuggling vulnerability in libsoup allows attackers to send specially crafted chunked requests that get misinterpreted as multiple H...

Feb 3, 2026
CVE-2026-1760
5.3

This HTTP request smuggling vulnerability in SoupServer allows remote attackers to send specially crafted requests that bypass normal request processi...

Feb 2, 2026
CVE-2026-1002
5.3

This vulnerability in Vert.x Web's static handler allows attackers to manipulate the cache to deny access to static files via specially crafted URIs. ...

Jan 15, 2026
CVE-2025-69225
5.3

AIOHTTP versions 3.13.2 and below contain a parser vulnerability that allows non-ASCII decimal characters in HTTP Range headers. This could potentiall...

Jan 6, 2026
CVE-2025-29904
5.3

CVE-2025-29904 is an HTTP request smuggling vulnerability in JetBrains Ktor framework versions before 3.1.1. This allows attackers to bypass security ...

Mar 12, 2025
CVE-2024-9622
5.3

This vulnerability in the resteasy-netty4 library allows HTTP request smuggling attacks using ASCII control characters. When exploited, it causes the ...

Oct 8, 2024
CVE-2025-1386
4.9

This vulnerability in the ch-go library allows an attacker to inject malicious query packets into ClickHouse connections when processing large uncompr...

Apr 11, 2025
CVE-2025-66373
4.8

CVE-2025-66373 is an HTTP request smuggling vulnerability in Akamai Ghost on Akamai CDN edge servers. It allows attackers to hide malicious requests i...

Dec 4, 2025
CVE-2024-9666
4.7

This vulnerability allows attackers to cause denial of service in Keycloak servers by sending malicious proxy headers that trigger expensive DNS resol...

Nov 25, 2024
CVE-2025-52892
4.5

A path traversal vulnerability in EspoCRM versions 9.1.6 and below allows attackers to corrupt the Slim router's cache by accessing URLs with double s...

Aug 5, 2025
CVE-2026-20069
4.3

This vulnerability allows an unauthenticated remote attacker to conduct browser-based attacks (like cross-site scripting) against users of affected Ci...

Mar 4, 2026
CVE-2026-26365
4.0

CVE-2026-26365 is an HTTP request smuggling vulnerability in Akamai Ghost on Akamai CDN edge servers. It allows attackers to send specially crafted HT...

Feb 23, 2026
CVE-2025-54142
4.0

This CVE describes an HTTP request smuggling vulnerability in Akamai Ghost that allows attackers to smuggle requests through an Akamai proxy to backen...

Aug 29, 2025
CVE-2025-32094
4.0

This HTTP request smuggling vulnerability in Akamai Ghost allows attackers to inject a second request within an HTTP/1.x OPTIONS request using obsolet...

Aug 7, 2025
CVE-2025-12811
N/A

This CVE describes an HTTP request smuggling vulnerability in Delinea's Cloud Suite and Privileged Access Service products. Attackers could exploit in...

Feb 18, 2026
CVE-2025-41082
N/A

This vulnerability allows attackers to send malformed HTTP requests that cause desynchronization between frontend and backend servers in Altitude Comm...

Jan 26, 2026
CVE-2023-53878
N/A

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting...

Dec 15, 2025

About CWE-444

Our database tracks 84 CVEs classified as CWE-444, with 27 rated critical and 35 rated high severity. The average CVSS score for CWE-444 vulnerabilities is 7.7.

External reference: CWE-444 on MITRE CWE
