Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)) — Vulnerability Class 160

160 vulnerabilities classified as CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-69224 AIOHTTP's Unicode processing of header values could cause parsing discrepancies — aiohttp 7.5 -2026-01-05
CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes — Coexistence Manager for Notes 8.2AIHighAI2025-12-19
CVE-2023-53878 Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability — Member Login Script 7.5AIHighAI2025-12-15
CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) — Red Hat Enterprise Linux 10 8.2 High2025-12-11
CVE-2025-12642 HTTP Header Smuggling via Trailer Merge — lighttpd 6.5AIMediumAI2025-11-03
CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models — Vertex AI: Partner Models for MaaS 9.8AICriticalAI2025-10-22
CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability — ASP.NET Core 2.3 9.9 Critical2025-10-14
CVE-2025-59822 Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section — http4s 6.5AIMediumAI2025-09-23
CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability — Fireware OS 6.1AIMediumAI2025-09-15
CVE-2025-58056 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions — netty 7.4AIHighAI2025-09-03
CVE-2025-58068 Eventlet affected by HTTP request smuggling in unparsed trailers — eventlet 8.2 -2025-08-29
CVE-2025-54142 Akamai Ghost 环境问题漏洞 — AkamaiGhost 4.0 Medium2025-08-29
CVE-2025-32094 Akamai Ghost 环境问题漏洞 — AkamaiGhost 4.0 Medium2025-08-07
CVE-2025-52892 EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache — espocrm 4.5 Medium2025-08-05
CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections — aiohttp 9.8 -2025-07-14
CVE-2025-49826 Next.js DoS vulnerability via cache poisoning — next.js 7.5 High2025-07-03
CVE-2025-49005 Next.js cache poisoning due to omission of Vary header — next.js 3.7 Low2025-07-03
CVE-2025-6442 Ruby WEBrick read_header HTTP Request Smuggling Vulnerability — WEBrick 5.9AIMediumAI2025-06-25
CVE-2025-4366 Request Smuggling Vulnerability in Pingora 7.5AIHighAI2025-05-22
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation — Classic Application Load Balancer 7.5AIHighAI2025-05-16
CVE-2025-47905 Varnish Cache 安全漏洞 — Varnish Cache 5.4 Medium2025-05-13
CVE-2025-43859 h11 accepts some malformed Chunked-Encoding bodies — h11 9.1 Critical2025-04-24
CVE-2024-53868 Apache Traffic Server: Malformed chunked message body allows request smuggling — Apache Traffic Server 7.5AIHighAI2025-04-03
CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers — react-router 5.3 -2025-04-01
CVE-2022-39163 IBM Cognos Controller HTTP response smuggling — Cognos Controller 4.7 Medium2025-03-26
CVE-2025-30346 Varnish Cache和Varnish Enterprise 安全漏洞 — Varnish Cache 5.4 Medium2025-03-21
CVE-2024-10264 HTTP Request Smuggling in netease-youdao/qanything — netease-youdao/qanything 9.8 -2025-03-20
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn — benoitc/gunicorn 9.8 -2025-03-20
CVE-2025-29904 JetBrains Ktor 环境问题漏洞 — Ktor 5.3 Medium2025-03-12
CVE-2025-1867 HTTP Response Smuggling Vulnerability in libhv — libhv 6.5 -2025-03-03

Vulnerabilities classified as CWE-444 (HTTP请求的解释不一致性(HTTP请求私运)) represent 160 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.