Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

315 vulnerabilities with CWE-444

CVE-2026-20069 MEDIUM

Cisco ASA/FTD - XSS

CVE-2026-26365 MEDIUM

Akamai Ghost - HTTP Request Smuggling

CVE-2026-1801 MEDIUM

CVE-2026-1760 MEDIUM

SoupServer - HTTP Request Smuggling

CVE-2026-1002 MEDIUM

Eclipse Vert.x-web < 4.5.23 - HTTP Request Smuggling

CVE-2026-23527 HIGH

H3 <1.15.5 - SSRF

CVE-2025-31958 LOW

HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

CVE-2025-65114 HIGH

Apache Traffic Server: Malformed chunked message body allows request smuggling

CVE-2025-12811 MEDIUM

Delinea Cloud Suite - HTTP Request Smuggling

CVE-2025-55018 MEDIUM

Fortinet FortiOS <7.6.0 - SSRF

CVE-2025-41082 MEDIUM

Altitude Communication Server - SSRF

CVE-2025-69225 MEDIUM

Aiohttp < 3.13.3 - HTTP Request Smuggling

CVE-2025-69224 MEDIUM

Aiohttp < 3.13.3 - HTTP Request Smuggling

CVE-2025-12874 MEDIUM

Quest Coexistence Manager for Notes <3.8.2045 - SSRF

CVE-2025-14523 HIGH

libsoup - Host Header Manipulation

CVE-2025-61258 HIGH

Outsystems Platform Server <11.18.1.37828 - DoS

CVE-2025-66373 MEDIUM

Akamai Ghost <2025-11-17 - SSRF

CVE-2025-12642 CRITICAL

lighttpd1.4.80 - SSRF

CVE-2025-11915 MEDIUM

HTTP Proxy - Info Disclosure

CVE-2025-55315 CRITICAL

ASP.NET Core - SSRF

CVE-2025-61884 HIGH KEV

Oracle Configurator < 12.2.14 - SSRF

CVE-2025-59822 HIGH

Typelevel Http4s < 0.23.31 - HTTP Request Smuggling

CVE-2025-6999 MEDIUM

WatchGuard Fireware OS <12.11.2 - XSS

CVE-2025-56266 CRITICAL

Avigilon Access Control Manager - HTTP Request Smuggling

CVE-2025-58056 HIGH

Netty < 4.1.125 - HTTP Request Smuggling

Previous Page 2 of 13 Next

Details

Vulnerabilities 315

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy