Flaws of type CWE-444

234 results
CVE-2022-22536 (CRITICAL): SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher | EPSS 97.9% | KEV
CVE-2025-61884 (HIGH): Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected a | EPSS 97.6% | KEV
CVE-2023-41265 (CRITICAL): An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 | EPSS 85.0% | KEV
CVE-2023-25690 (CRITICAL): Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy | EPSS 83.8%
CVE-2022-32214: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP re | EPSS 77.3%
CVE-2021-33037: Incorrect Transfer-Encoding handling with HTTP/1.0 | EPSS 75.4%
CVE-2022-32215: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding hea | EPSS 68.8%
CVE-2025-55315 (CRITICAL): ASP.NET Security Feature Bypass Vulnerability | EPSS 66.3%
CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | EPSS 57.1%
CVE-2022-21826: Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, | EPSS 45.2%
CVE-2021-23336 (MEDIUM): Web Cache Poisoning | EPSS 37.3%
CVE-2022-32213: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding hea | EPSS 35.1%
CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier | EPSS 28.2%
CVE-2023-48365 (CRITICAL): Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper val | EPSS 24.7% | KEV
CVE-2017-7658: In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when pr | EPSS 21.0%
CVE-2021-21295 (MEDIUM): Possible request smuggling in HTTP/2 due missing validation | EPSS 18.9%
CVE-2022-26377: mod_proxy_ajp: Possible request smuggling | EPSS 18.9%
CVE-2024-41110 (CRITICAL): Moby authz zero length regression | EPSS 16.5%
CVE-2020-8287: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-E | EPSS 16.3%
CVE-2017-7657: In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled | EPSS 16.2%