CVE-2026-3633 is a reminder that the most dangerous bugs are not always memory corruptions or flashy remote code execution chains; sometimes they are one malformed string away from letting an attacker reshape an HTTP request. In libsoup, a remote attacker who controls the method parameter passed...
Siemens has issued an urgent update for the RUGGEDCOM APE1808 industrial edge platform after coordinated advisories republished by Siemens ProductCERT and U.S. authorities identified multiple high-severity vulnerabilities — including CVE-2026-24858 and three distinct CVE entries from 2025 — that...
BusyBox’s wget client contains a parsing flaw that lets specially crafted URLs embed raw control characters and even space characters in the HTTP request-target (path/query), allowing the HTTP request-line to be split and attacker-controlled headers to be injected — a vulnerability tracked as...
QNAP has issued an urgent security advisory after Microsoft disclosed a critical ASP.NET Core vulnerability that can be abused for HTTP request smuggling (CVE-2025-55315), and administrators should treat NetBak PC Agent installations as potentially exposed until the appropriate ASP.NET Core...
Microsoft has released emergency fixes for a severe ASP.NET Core vulnerability — a Kestrel HTTP request-smuggling/security-feature bypass tracked as CVE-2025-55315 and flagged with a near-maximum CVSS v3.1 score of 9.9 — and developers and operators are being urged to patch immediately, assess...
Inside the ABB M2M Gateway Vulnerabilities: A Deep Dive into Risk and Remedies
In the rapidly evolving landscape of industrial control systems (ICS), security vulnerabilities have become critical concerns—not just for specialized engineers but also for IT administrators and cybersecurity...