Weaknesses of type CWE-444
235 resultsCVE-2025-53643LOWAIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sectionsEPSS 0.3%CVE-2023-30910MEDIUMHPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. EPSS 0.3%CVE-2026-45372CRITICALcpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injectionEPSS 0.3%CVE-2025-11915MEDIUMHTTP Desynchronisation in Vertex AI for certain third-party modelsEPSS 0.3%CVE-2026-34525MEDIUMAIOHTTP: Duplicate Host header acceptedEPSS 0.3%CVE-2024-21281MEDIUMVulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). ThEPSS 0.3%CVE-2025-30346MEDIUMVarnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.EPSS 0.3%CVE-2026-8620HIGHIBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using when using Web Server Plug-insEPSS 0.3%CVE-2025-41235HIGHCVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted ProxiesEPSS 0.3%CVE-2026-20069MEDIUMCisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling VulnerabilityEPSS 0.3%CVE-2026-48979HIGHPHP Standard Library: HTTP/2 server-side missing content-length validation enables request smugglingEPSS 0.3%CVE-2024-42342MEDIUMLoway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')EPSS 0.3%CVE-2026-47676MEDIUMHono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded pathsEPSS 0.3%CVE-2026-6338MEDIUMHTTP request smuggling in Kong Enteprise GatewayEPSS 0.3%CVE-2025-54142MEDIUMAkamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequeEPSS 0.2%CVE-2026-42585MEDIUMNetty: HTTP Request Smuggling due to malformed Transfer-EncodingEPSS 0.2%CVE-2025-52892MEDIUMEspoCRM is vulnerable to access denial through double slash in URI corrupting router cacheEPSS 0.2%CVE-2025-69225LOWAIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol FieldsEPSS 0.2%CVE-2025-66373MEDIUMAkamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smugglEPSS 0.2%CVE-2026-50020MEDIUMNetty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permittedEPSS 0.2%