Lucene search
K

3433 matches found

CVE
CVE
added 2026/06/11 12:38 p.m.42 views

CVE-2026-49214

CVE-2026-49214 affects guzzlehttp/psr7 up to version 2.10.1. Versions prior to 2.10.2 do not reject ASCII control characters/whitespace/DEL in URI host components. If a user-controlled URL is used to build a PSR-7 Uri/Request and the host contains CRLF or similar, the host may be copied into the ...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 8:31 p.m.9 views

GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.6AI score0.00131EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/09 6:36 p.m.15 views

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References6Affected Software1
SUSE Linux
SUSE Linux
added 2026/06/09 8:14 a.m.12 views

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...

8.8CVSS6.7AI score0.00969EPSS
Exploits11References48
OSV
OSV
added 2026/06/09 8:13 a.m.7 views

SUSE-SU-2026:2308-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues - CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. - CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...

9.8CVSS6.8AI score0.00969EPSS
Exploits11References25
RubySec
RubySec
added 2026/06/09 12:0 a.m.12 views

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48342

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description The Net::IMAPid and Net::IMAPenable functions do not properly validate their arguments. When Net::IMAPid is called with a hash argument, it fails to prohibit CRLF...

5.8CVSS6.1AI score0.00131EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 5:16 p.m.13 views

DEBIAN-CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.5AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:34 p.m.10 views

EEF-CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2

Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cow\http\struct\hd:escape\string/2 in cowlib only escapes \ and ", passing...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/08 3:20 p.m.44 views

CVE-2026-49756 Multipart form-data header injection in Req via unescaped name/filename/content_type

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...

2.1CVSS0.00178EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 3:20 p.m.13 views

EUVD-2026-35096

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...

2.1CVSS5.6AI score0.00178EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 3:20 p.m.4 views

CVE-2026-49756 Multipart form-data header injection in Req via unescaped name/filename/content_type

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...

2.1CVSS6AI score0.00178EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

req 注入漏洞

“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.5.3 to 0.6.0 had an injection vulnerability. This vulnerability stemmed from improper neutralization of CRLF sequences, which could lead to multipart parameter smuggling through parts of the...

2.1CVSS5.3AI score0.00178EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1778)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1778 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...

8.6CVSS7.6AI score0.00947EPSS
Exploits4References18
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: ruby4.0

Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in...

9.8CVSS5.4AI score0.00813EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2023 : ruby4.0, ruby4.0-bundled-gems, ruby4.0-default-gems (ALAS2023-2026-1806)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1806 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause...

7.6CVSS5.6AI score0.00813EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32964

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9CVSS7.2AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42258

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

9.8CVSS5.3AI score0.00813EPSS
Exploits0References7
Rows per page
Query Builder