MEDIUM

CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability

Microsoft Security Response Center • May 27, 2026

MEDIUM

CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

Microsoft Security Response Center • May 16, 2026

MEDIUM

RHSA-2026:15968: Moderate: libsoup3 security update

Red Hat Errata • May 11, 2026

MEDIUM

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers

Microsoft Security Response Center • Apr 29, 2026

MEDIUM

CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies

Microsoft Security Response Center • Apr 11, 2026

MEDIUM

CVE-2026-1965 bad reuse of HTTP Negotiate connection

Microsoft Security Response Center • Apr 14, 2026

MEDIUM

CVE-2026-3644 Incomplete control character validation in http.cookies

Microsoft Security Response Center • Apr 15, 2026

MEDIUM

CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF

Microsoft Security Response Center • Apr 15, 2026

MEDIUM

CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Microsoft Security Response Center • Apr 15, 2026

HIGH

HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)

Reddit r/netsec • Apr 16, 2026

HIGH

Cisco Identity Services Engine Remote Code Execution Vulnerabilities

Cisco Security • Apr 15, 2026

MEDIUM

Cisco Secure Web Appliance Authentication Bypass Vulnerability

Cisco Security • Apr 15, 2026

MEDIUM

Fixing request smuggling vulnerabilities in Pingora OSS deployments

Cloudflare Blog • Mar 09, 2026

MEDIUM

The Forgotten Bug: How a Node.js Core Design Flaw Enables HTTP Request Splitting

Reddit r/netsec • Feb 27, 2026

INFO

Http11Probe - Probe for Http 1.1 compliance

Reddit r/netsec • Feb 10, 2026