20925 matches found

Vulnrichment
added 2026/01/27 9:17 a.m., 5 views

CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00312
Exploits: 1, References: 3

ATTACKERKB
added 2026/01/27 9:17 a.m., 8 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00312
Exploits: 1, References: 3

EUVD
added 2026/01/27 9:17 a.m., 5 views

EUVD-2026-4809

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00312
Exploits: 1, References: 2

CVE
added 2026/01/27 9:17 a.m., 25 views

CVE-2026-1467

Libsoup contains a CRLF injection vulnerability (CVE-2026-1467) in which URL-decoded input used to form the Host header can be manipulated when an HTTP proxy is configured. A remote attacker can craft a URL with CRLF sequences to inject extra HTTP headers or request bodies, potentially affecting ...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00312
Exploits: 1, References: 3, Affected Software: 2

Cvelist
added 2026/01/27 9:17 a.m., 30 views

CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, EPSS: 0.00312
Exploits: 1, References: 3

Debian CVE
added 2026/01/27 9:17 a.m., 8 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, AI score: 5.7, EPSS: 0.00312
Exploits: 1

RedhatCVE
added 2026/01/27 9:17 a.m., 5 views

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00312
Exploits: 1, References: 4

RedhatCVE
added 2026/01/27 4:59 a.m., 3 views

CVE-2026-23888

A flaw was found in pnpm, a package manager. A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. This can occur through malicious ZIP entries containing directory traversal sequences (../) or absolute paths, or ...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00396
Exploits: 1, References: 6

Snyk
added 2026/01/27 1:48 a.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the repoName parameter, when the TAP 4 map file content is externally controlled. An attacker can write files outside the intended cache base directory by supplying a crafted value containing directory traversal...

CVSS: 5.7, AI score: 6.3, EPSS: 0.00211
Exploits: 1, References: 2

Snyk
added 2026/01/27 1:48 a.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the repoName parameter, when the TAP 4 map file content is externally controlled. An attacker can write files outside the intended cache base directory by supplying a crafted value containing directory traversal...

CVSS: 5.7, AI score: 6.3, EPSS: 0.00211
Exploits: 1, References: 2

NVD
added 2026/01/27 1:16 a.m., 10 views

CVE-2026-24489

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS: 5.3, EPSS: 0.0036
Exploits: 1, References: 3

NVD
added 2026/01/27 1:16 a.m., 3 views

CVE-2026-24479

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.8, EPSS: 0.07895
Exploits: 4, References: 2

Cvelist
added 2026/01/27 12:43 a.m., 36 views

CVE-2026-24479 HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.3, EPSS: 0.07895
Exploits: 4, References: 2

EUVD
added 2026/01/27 12:43 a.m., 6 views

EUVD-2026-4836

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.3, AI score: 6, EPSS: 0.07895
Exploits: 4, References: 2

Vulnrichment
added 2026/01/27 12:43 a.m., 4 views

CVE-2026-24479 HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.3, AI score: 6, EPSS: 0.07895
Exploits: 4, References: 2

ATTACKERKB
added 2026/01/27 12:43 a.m., 2 views

CVE-2026-24479

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.8, AI score: 6, EPSS: 0.07895
Exploits: 4, References: 4, Affected Software: 1

OSV
added 2026/01/27 12:43 a.m., 5 views

CVE-2026-24479 HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.3, AI score: 6, EPSS: 0.07895
Exploits: 4, References: 4

CVE
added 2026/01/27 12:43 a.m., 22 views

CVE-2026-24479

Summary (CVE-2026-24479): HUSTOJ (open source online judge) before version 26.01.24 is vulnerable to a Zip Slip-like flaw in the problem_import_qduoj.php and problem_import_hoj.php modules. A malicious ZIP file can contain path traversal sequences (e.g., ../../shell.php) that, when extracted on t...

CVSS: 9.8, AI score: 6, EPSS: 0.07895
Exploits: 4, References: 2, Affected Software: 1

CVE
added 2026/01/27 12:36 a.m., 17 views

CVE-2026-24489

Gakido is a Python HTTP client vulnerable to HTTP header injection (CRLF/NULL) in versions prior to 0.1.1. The vulnerability arises from user-controlled header names/values not being sanitized, allowing an attacker to inject arbitrary headers into requests. The fix added in 0.1.1 provides a dedic...

CVSS: 5.3, AI score: 6, EPSS: 0.0036
Exploits: 1, References: 3

ATTACKERKB
added 2026/01/27 12:36 a.m., 3 views

CVE-2026-24489

Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header values and names. When making HTTP...

CVSS: 5.3, AI score: 6, EPSS: 0.0036
Exploits: 1, References: 4, Affected Software: 1