48 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-47692

A flaw was found in Envoy. The PROXY Protocol v2 header generator can emit data beyond the maximum allowed length, leading to a mismatch between the actual bytes sent and the length specified in the header. An attacker on an adjacent network could exploit this to smuggle bytes into upstream...

CVSS 4.8 | AI score 5.6 | EPSS 0.00218
Exploits 0 | References 4

NVD
added last week, 8 views

CVE-2026-47692

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...

CVSS 4.8 | EPSS 0.00218
Exploits 0 | References 1

Github Security Blog
added 2026/06/15 8:20 p.m., 15 views

python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Summary: parse_options_header parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename*=charset'lang'value, name*=..., and the filename*0/filename*1 continuation form is decoded and surfaced...

CVSS 5.3 | AI score 5.3 | EPSS 0.00177
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/13 8:41 p.m., 3 views

EUVD-2026-11701

Undici has CRLF Injection in undici via upgrade option...

CVSS 4.6 | AI score 5.8 | EPSS 0.00256
Exploits 0 | References 4

Github Security Blog
added 2026/03/13 8:41 p.m., 9 views

Undici has CRLF Injection in undici via `upgrade` option

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: (1) inject arbitrary HTTP headers; (2) terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 5 | Affected Software 1

NVD
added 2026/03/12 9:16 p.m., 10 views

CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | EPSS 0.00256
Exploits 0 | References 3

OSV
added 2026/03/12 9:16 p.m., 5 views

CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | AI score 5.9
Exploits 0 | References 3

OSV
added 2026/03/12 9:16 p.m., 7 views

UBUNTU-CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 2

Cvelist
added 2026/03/12 8:17 p.m., 27 views

CVE-2026-1527 undici is vulnerable to CRLF Injection via upgrade option

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | EPSS 0.00256
Exploits 0 | References 3

Vulnrichment
added 2026/03/12 8:17 p.m., 6 views

CVE-2026-1527 undici is vulnerable to CRLF Injection via upgrade option

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 3

ATTACKERKB
added 2026/03/12 8:17 p.m., 10 views

CVE-2026-1527

Impact: When an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences (\r\n) to: inject arbitrary HTTP headers; terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch). The...

CVSS 4.6 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 4

CVE
added 2026/03/12 8:17 p.m., 31 views

CVE-2026-1527

Undici (Node.js HTTP client) is vulnerable to a CRLF injection via the upgrade option in client.request() when user-controlled input is passed to the upgrade value. The root cause is that the upgrade value is written directly to the socket without validating header characters, allowing an attacke...

CVSS 4.6 | AI score 5.9 | EPSS 0.00256
Exploits 0 | References 3 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-6558

Malware in sbrugna...

CVSS 5.9 | AI score 6.1 | EPSS 0.02477
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2014-1645

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.03182
Exploits 4 | References 23

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-1192

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00695
Exploits 1 | References 3

SUSE CVE
added 2025/04/12 3:31 a.m., 4 views

SUSE CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

CVSS 5.3 | AI score 6.8 | EPSS 0.00342
Exploits 0 | References 4

OSV
added 2025/02/04 7:21 a.m., 4 views

BIT-MLFLOW-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

CVSS 7.5 | AI score 7.4 | EPSS 0.00695
Exploits 1 | References 2

Github Security Blog
added 2024/04/16 12:30 a.m., 19 views

mlflow vulnerable to Path Traversal

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

CVSS 7.5 | AI score 7.5 | EPSS 0.00695
Exploits 1 | References 3 | Affected Software 1

NVD
added 2024/04/16 12:15 a.m., 10 views

CVE-2024-1593

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

CVSS 7.5 | AI score 7.5 | EPSS 0.00695
Exploits 1 | References 1

Vulnrichment
added 2024/04/16 12:00 a.m., 16 views

CVE-2024-1593 Path Traversal via Parameter Smuggling in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. Th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00695
Exploits 1 | References 1