CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
291 vulnerabilities with CWE-444
CVE-2026-28497
TinyWeb <2.03 - HTTP Request Smuggling
CVE-2026-2835
Pingora - HTTP Request Smuggling
CVE-2026-2833
Pingora - HTTP Request Smuggling
CVE-2026-20069
MEDIUM
Cisco ASA/FTD - XSS
CVSS 4.3
CVE-2026-26365
MEDIUM
Akamai Ghost - HTTP Request Smuggling
CVSS 4.0
CVE-2025-12811
Delinea Cloud Suite - HTTP Request Smuggling
CVE-2025-55018
MEDIUM
Fortinet FortiOS <7.6.0 - SSRF
CVSS 5.8
CVE-2026-1801
MEDIUM
libsoup - SSRF
CVSS 5.3
CVE-2026-1760
MEDIUM
SoupServer - HTTP Request Smuggling
CVSS 5.3
CVE-2025-41082
Altitude Communication Server - SSRF
CVE-2026-1002
MEDIUM
Eclipse Vert.x-web < 4.5.23 - HTTP Request Smuggling
CVSS 5.3
CVE-2026-23527
HIGH
H3 <1.15.5 - SSRF
CVSS 8.9
CVE-2025-69225
MEDIUM
Aiohttp < 3.13.3 - HTTP Request Smuggling
CVSS 5.3
CVE-2025-69224
MEDIUM
Aiohttp < 3.13.3 - HTTP Request Smuggling
CVSS 6.5
CVE-2025-12874
Quest Coexistence Manager for Notes <3.8.2045 - SSRF
CVE-2023-53878
Member Login Script 3.3 - SSRF
CVE-2025-14523
HIGH
libsoup - Host Header Manipulation
CVSS 8.2
CVE-2025-61258
HIGH
Outsystems Platform Server <11.18.1.37828 - DoS
CVSS 7.5
CVE-2025-66373
MEDIUM
Akamai Ghost <2025-11-17 - SSRF
CVSS 4.8
CVE-2025-12642
CRITICAL
lighttpd1.4.80 - SSRF
CVSS 9.1
CVE-2025-11915
HTTP Proxy - Info Disclosure
CVE-2025-55315
CRITICAL
ASP.NET Core - SSRF
CVSS 9.9
CVE-2025-61884
HIGHKEV
Oracle Configurator < 12.2.14 - SSRF
CVSS 7.5
CVE-2025-59822
HIGH
Typelevel Http4s < 0.23.31 - HTTP Request Smuggling
CVSS 7.5
CVE-2025-6999
WatchGuard Fireware OS <12.11.2 - XSS
Details
Vulnerabilities
291