Lucene search
K

2442 matches found

Snyk
Snyk
added 2026/04/22 8:25 p.m.11 views

HTTP Response Splitting

Overview i18next-http-middleware is an i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to HTTP Response Splitting via the lng parameter, which is passed through to the...

8.8CVSS5.6AI score0.00327EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 8:25 p.m.15 views

i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/14 11:27 p.m.11 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.13 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 8:8 p.m.9 views

HTTP Response Splitting

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary headers by...

9CVSS5.9AI score0.01815EPSS
Exploits5References2
Snyk
Snyk
added 2026/04/10 8:8 p.m.5 views

HTTP Response Splitting

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary...

9CVSS6.1AI score0.01815EPSS
Exploits5References2
Snyk
Snyk
added 2026/04/08 12:17 a.m.4 views

HTTP Response Splitting

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTTP Response Splitting via the setCookie function. An attacker can cause runtime errors and potentially disrupt application behavior by supplying specially crafted input as the cookie...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:48 p.m.5 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the reason parameter in the HTTP response creation process. An attacker can inject unauthorized headers or manipulate the HTTP response by supplying specially crafted input containing carriage return...

6.9CVSS5.9AI score0.00292EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 8:26 p.m.3 views

CVE-2026-34519 AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.7AI score0.00292EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 12:59 p.m.13 views

CVE-2025-55271

CVE-2025-55271 affects HCL Aftermarket DPC via HTTP Response Splitting vulnerability. The available connected documents describe that an attacker may be able to execute arbitrary commands or inject harmful content depending on how the web application handles split responses. The PT-2026-28296 ent...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.9 views

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2026-1487)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

9.1CVSS7.1AI score0.03914EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.14 views

PT-2026-36815

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.67 Description HTTP response splitting occurs in multiple Apache HTTP Server modules when interacting with untrusted or compromised backend servers. This issue allows an attacker to split an HTTP...

9.8CVSS5.7AI score0.99957EPSS
Exploits40References154
RedhatCVE
RedhatCVE
added 2026/02/20 1:25 p.m.7 views

CVE-2025-8350

Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...

9.8CVSS5.5AI score0.00547EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 12:16 p.m.7 views

CVE-2025-8350

Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...

9.8CVSS0.00547EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/19 11:30 a.m.5 views

CVE-2025-8350 Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS

Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...

9.8CVSS5.5AI score0.00547EPSS
Exploits0References2
Rows per page
Query Builder