
23 matches found

Tenable Nessus
added 2026/06/10 12:00 a.m. · 9 views

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2026-2324)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: BusyBox wget through 1.3.7 accepted raw CR (0x0D), LF (0x0A) and other C0 control bytes in the HTTP request-target path/query, allowing the request line...

CVSS 6.5 · AI score 7.2 · EPSS 0.00258
Exploits 1 · References 2
OSV
added 2026/05/19 5:20 p.m. · 8 views

SUSE-SU-2026:21823-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2026-1642: plain-text data injection into the response from an upstream proxied server (bsc#1257675). - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngx_http_dav_module module (bsc#1260416). - CVE-2026-27784: NGINX worker memor...

CVSS 8.8 · AI score 7.7 · EPSS 0.21621
Exploits 0 · References 11
CloudLinux
added 2026/05/14 7:23 p.m. · 16 views

python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.__init__ via a new _validate_host helper to prevent CRLF header injection the glibc...

CVSS 6.1 · AI score 6.9 · EPSS 0.05328
Exploits 1
CVE
added 2026/05/05 7:45 a.m. · 17 views

CVE-2026-43870

Apache Thrift (before 0.23.0) contains multiple issues: Origin Validation Error, Path Traversal (improper limitation of a pathname to a restricted directory), HTTP header CRLF-related splitting, and uncontrolled resource consumption. Upgrade to 0.23.0 to fix. Exploitation status is not provided i...

CVSS 7.3 · AI score 5.8 · EPSS 0.00394
Exploits 0 · References 2 · Affected Software 1
GithubExploit
added 2026/04/29 9:06 p.m. · 110 views

security-advisories

Security Advisories Public write-ups and PoCs for CVEs I've d...

CVSS 8.8 · AI score 5.4 · EPSS 0.00448
Exploits 7
Positive Technologies
added 2026/04/06 12:00 a.m. · 5 views

PT-2026-30675

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

CVSS 8.5 · AI score 6.1 · EPSS 0.00194
Exploits 2 · References 2
Amazon
added 2026/04/01 12:00 a.m. · 5 views

Important: nodejs22

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

CVSS 9.8 · AI score 7.2 · EPSS 0.0115
Exploits 0
Tenable Nessus
added 2026/01/28 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-1536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into t...

CVSS 5.8 · AI score 6.1 · EPSS 0.00298
Exploits 1 · References 4
Tenable Nessus
added 2026/01/22 12:00 a.m. · 4 views

Fedora 43 : cpp-httplib (2026-e50e41fcea)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e50e41fcea advisory. Update to 0.30.1 - Denial of service (DoS) using zip bomb (CVE-2026-22776) - CRLF injection in HTTP headers (CVE-2026-21428) - Untrusted HTTP Header...

CVSS 10 · AI score 5.7 · EPSS 0.00372
Exploits 4 · References 5
Tenable Nessus
added 2026/01/22 12:00 a.m. · 5 views

Fedora 42 : cpp-httplib (2026-3b0e5b457d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b0e5b457d advisory. Update to 0.30.1 - Denial of service (DoS) using zip bomb (CVE-2026-22776) - CRLF injection in HTTP headers (CVE-2026-21428) - Untrusted HTTP Header...

CVSS 10 · AI score 5.7 · EPSS 0.00603
Exploits 6 · References 7
Tenable Nessus
added 2025/12/04 12:00 a.m. · 10 views

RockyLinux 9 : nodejs:18 (RLSA-2023:2654)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. - glob-parent: Regular Expression Denial of Service (CVE-2021-35065) - c-ares: buffer overflow in config_sortlist due to missing string length check CVE-2022-49...

CVSS 8.6 · AI score 7.1 · EPSS 0.02209
Exploits 5 · References 17
CVE
added 2025/10/10 4:48 p.m. · 10 views

CVE-2025-61689

CVE-2025-61689 affects the Julia HTTP client/server library HTTP.jl. Prior to version 1.10.19, it failed to validate illegal characters in header names/values, enabling CRLF-based header injection and response splitting. Reported impact includes cache poisoning, XSS, and session fixation. The iss...

CVSS 9.2 · AI score 6.8 · EPSS 0.00311
Exploits 0 · References 2
Tenable Nessus
added 2025/08/30 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-31150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than...

CVSS 6.5 · AI score 6.6 · EPSS 0.01158
Exploits 1 · References 2
CVE
added 2025/08/25 9:04 p.m. · 74 views

CVE-2025-57804

CVE-2025-57804 affects the Python package h2 (HTTP/2 protocol stack). Prior to version 4.3.0, it allows HTTP/2 request splitting via CRLF injection in headers when servers downgrade HTTP/2 requests to HTTP/1.1 without validating header names/values. This can enable attackers to manipulate request...

CVSS 6.9 · AI score 7.1 · EPSS 0.0161
Exploits 0 · References 3
Hacker One
added 2023/09/13 9:53 p.m. · 20 views

Mozilla: Security bug https://bugzilla.mozilla.org/oauth/authorize - CRLF Header injection via "redirect_uri" parameter

A cross-site scripting vulnerability was found in the "redirect_uri" parameter of the OAuth authorization endpoint at https://bugzilla.mozilla.org/oauth/authorize that allowed arbitrary HTTP response headers to be injected through carriage return and line feed encoding in the parameter value,...

AI score 6.5
Exploits 0
Positive Technologies
added 2023/06/01 12:00 a.m. · 2 views

PT-2023-6702 · Tp Link · Tp-Link Tapo C100

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C100 versions 1.1.15 Build 211130 Rel.15378n4555 and before. Description: The issue is related to the HTTP service of the TP-Link Tapo C100 IP camera's firmware, specifically with the handling of CRLF sequences in HTTP headers. Th...

CVSS 6.5 · AI score 6.2 · EPSS 0.00334
Exploits 2 · References 9
BDU FSTEC
added 2023/01/31 12:00 a.m. · 4 views

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to perform attacks that involve splitting HTTP responses.

The vulnerability of the mod_proxy module in the Apache HTTP Server is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote attacker to perform attacks that involve splitting HTTP responses...

CVSS 5.3 · AI score 6.7 · EPSS 0.57941
Exploits 0 · References 17 · Affected Software 9
BDU FSTEC
added 2020/07/09 12:00 a.m. · 4 views

The vulnerability of the Ceph storage system, related to the failure to handle CRLF sequences in HTTP headers, allows attackers to inject arbitrary HTTP headers.

The vulnerability of the Ceph storage system is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTTP headers, such as Set-Cookie, in order to set arbitrary cookies...

CVSS 4.3 · AI score 7 · EPSS 0.01627
Exploits 0 · References 12 · Affected Software 6
BDU FSTEC
added 2017/03/23 12:00 a.m. · 6 views

The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows an attacker to obtain confidential information.

The vulnerability of the McAfee VirusScan Enterprise antivirus software arises from the failure to handle CRLF sequences in headers properly. Exploiting this vulnerability can allow a remote attacker to obtain confidential information...

CVSS 6.8 · AI score 7.5 · EPSS 0.08673
Exploits 4 · References 3 · Affected Software 1
OSV
added 2016/09/02 2:59 p.m. · 1 view

DEBIAN-CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...

CVSS 6.1 · AI score 7.4 · EPSS 0.09887
Exploits 3 · References 1