EUVD-2026-31687

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

CVE-2026-47069

CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...

CVE-2026-47069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

EUVD-2026-31683

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

EEF-CVE-2026-47069 CRLF injection in cookie domain/path options in hackney

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackneycookie:setcookie/3 function in src/hackneycookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the doma...

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...

Exploit for CVE-2026-36239

CVE-2026-36239 CVE-2026-36239: Authenticated RCE in PbootCMS v...

PT-2026-43218

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

PT-2026-43226

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

Security update for nginx (important)

openSUSE security update: security update for nginx ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20784-1 Rating: important References: bsc1257675 bsc1260416 bsc1260417 bsc1260418 bsc1260419 Cross-References: CVE-2026-1642 CVE-2026-27654...

PT-2026-43066

Name of the Vulnerable Software and Affected Versions hackney versions 0.9.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Response Splitting. The setcookie/3 function in src/hackney cookie.erl validates Name and Value arguments...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 2.0.0 through 4.0.1, which stems from a failure to strip CRLF sequences in WebSocket upgrade code, which could lead to HTTP request/response splitting...

PT-2026-43069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney ws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the intern...

Directory Traversal

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to Directory Traversal due to the file indexer failing to normalize the configured directory path. A backend user with permission to edit indexer...

APT-Agent: Automated Penetration Testing Using Large Language Models

Penetration testing is essential to securing modern web infrastructures, yet traditional manual methods struggle to keep pace with their scale and complexity. Large Language Models LLMs offer new opportunities for automating these tasks, but existing approaches face two persistent challenges:...

Directory Traversal

Overview org.springframework.ai:spring-ai-anthropic is an Anthropic models support Affected versions of this package are vulnerable to Directory Traversal via filename handling in the API support. An attacker can perform path traversal by supplying LLM-influenced filenames that are used unsanitiz...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...