Browse and filter security vulnerabilities across ecosystems
Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
vLLM: OpenAI auth bypass
Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling
Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers
Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization
Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
HTTP request smuggling in Kong Enterprise Gateway
Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux
Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing
In Vinyl Cache before 9
HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing
cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection
Libsoup: libsoup: http request smuggling via unsigned to signed conversion error
Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server...
Netty: HTTP Request Smuggling due to malformed Transfer-Encoding
Showing 1 - 20 of 1,000+ results