Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)) — Vulnerability Class 160

160 vulnerabilities classified as CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers — Red Hat Enterprise Linux 10 3.7 Low2026-04-23
CVE-2025-31958 HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling — BigFix Service Management (SM) 3.7 Low2026-04-21
CVE-2026-2332 HTTP Request Smuggling via Chunked Extension Quoted-String Parsing — Eclipse Jetty 7.4 High2026-04-14
CVE-2026-24880 Apache Tomcat: Request smuggling via invalid chunk extension — Apache Tomcat 9.1AICriticalAI2026-04-09
CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling — Tinyproxy 7.5 High2026-04-07
CVE-2025-65114 Apache Traffic Server: Malformed chunked message body allows request smuggling — Apache Traffic Server 7.5AIHighAI2026-04-02
CVE-2026-1491 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container 5.3 Medium2026-04-01
CVE-2026-2862 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container 5.3 Medium2026-04-01
CVE-2026-34441 cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body — cpp-httplib 4.8 Medium2026-03-31
CVE-2026-33870 Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing — netty 7.5 High2026-03-27
CVE-2026-28369 Undertow: undertow: request smuggling via malformed http request headers — Red Hat build of Apache Camel for Spring Boot 4 8.7 High2026-03-27
CVE-2026-28367 Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator — Red Hat build of Apache Camel for Spring Boot 4 8.7 High2026-03-27
CVE-2026-28368 Undertow: undertow: request smuggling via inconsistent header parsing — Red Hat build of Apache Camel for Spring Boot 4 8.7 High2026-03-27
CVE-2026-4742 HTTP Request Smuggling in visualfc/liteide — liteide 6.5 -2026-03-24
CVE-2026-29057 Next.js: HTTP request smuggling in rewrites — next.js 9.1 -2026-03-18
CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd — OTP 8.2 -2026-03-13
CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') — undici 6.5 Medium2026-03-12
CVE-2026-32239 Cap'n Proto has an integer overflow in KJ-HTTP — capnproto 7.5AIHighAI2026-03-12
CVE-2026-2835 HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing — https://github.com/cloudflare/pingora 7.5AIHighAI2026-03-04
CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade — https://github.com/cloudflare/pingora 7.5AIHighAI2026-03-04
CVE-2026-20069 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 4.3 Medium2026-03-04
CVE-2026-26365 Akamai Ghost 环境问题漏洞 — Ghost 4.0 Medium2026-02-23
CVE-2025-12811 Cloud Suite and Privilege Access Service– HTTP request smuggling vulnerability — Cloud Suite and Privileged Access Service 8.2AIHighAI2026-02-18
CVE-2025-55018 Fortinet FortiOS 环境问题漏洞 — FortiOS 5.2 Medium2026-02-10
CVE-2026-1801 Libsoup: libsoup: http request smuggling via malformed chunk headers — Red Hat Enterprise Linux 10 5.3 Medium2026-02-03
CVE-2026-1760 Libsoup: soupserver: denial of service via http request smuggling — Red Hat Enterprise Linux 10 5.3 Medium2026-02-02
CVE-2025-41082 HTTP Request/Response Smuggling in Altitude Communication Server — Altitude Communication Server 9.1AICriticalAI2026-01-26
CVE-2026-1002 Eclipse Vert.x Web static handler file access denial — Eclipse Vert.x 5.3AIMediumAI2026-01-15
CVE-2026-23527 h3 v1 has Request Smuggling (TE.TE) issue — h3 8.9 High2026-01-15
CVE-2025-69225 AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields — aiohttp 7.5 -2026-01-05

Vulnerabilities classified as CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)) represent 160 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.