33 matches found

Vulnrichment
added 2026/05/11 7:4 p.m. · 6 views

CVE-2026-42874 Microdot: HTTP response splitting in Response.set_cookie()

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

CVSS 3.7 · AI score 5.8 · EPSS 0.00051
Exploits: 0 · References: 3

Tenable Nessus
added 2026/04/16 12:0 a.m. · 8 views

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici: Undici:...

CVSS 9.8 · AI score 5.9 · EPSS 0.00175
Exploits: 1 · References: 19

Tenable Nessus
added 2026/01/20 12:0 a.m. · 2 views

MiracleLinux 9 : python3.9-3.9.18-3.el9_4.5 (AXSA:2024-8758:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8758:05 advisory. cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...

CVSS 5.5 · AI score 7.4 · EPSS 0.00238
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 11:29 a.m. · 6 views

CVE-2021-27404

Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...

CVSS 6.1 · AI score 7.3 · EPSS 0.00164
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/09 10:0 a.m. · 6 views

CVE-2020-7611

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client...

CVSS 9.8 · AI score 7.2 · EPSS 0.005
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-26266

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.00047
Exploits: 0 · References: 3

NVD
added 2025/06/09 5:15 p.m. · 5 views

CVE-2024-46452

A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL...

CVSS 6.1 · EPSS 0.00166
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/22 3:30 a.m. · 5 views

CVE-2018-1000883

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appears to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...

CVSS 6.5 · AI score 7.2 · EPSS 0.0025
Exploits: 0 · References: 1

CVE
added 2025/05/06 2:55 p.m. · 53 views

CVE-2025-46814

CVE-2025-46814 affects the FastAPI Guard library (pre-2.0.0) and describes an HTTP header injection via the X-Forwarded-For header. The underlying issue allows an attacker to inject arbitrary IP addresses into requests, potentially bypassing IP-based access controls, misleading logs, and imperson...

CVSS 7.5 · AI score 4.3 · EPSS 0.00234
Exploits: 1 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/03/29 3:26 p.m. · 9 views

CVE-2025-30221

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...

CVSS 4.3 · AI score 7.5 · EPSS 0.00308
Exploits: 0 · References: 1

F5 Networks
added 2025/02/20 2:0 a.m. · 15 views

K000149883: PSR-7 header validation vulnerability CVE-2023-30536

Security Advisory Description slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00165
Exploits: 0

CVE
added 2024/12/09 2:46 p.m. · 61 views

CVE-2024-38485

CVE-2024-38485 concerns Dell ECS before version 3.8.0, with a Host Header Injection vulnerability. A remote, low-privilege attacker could trigger redirections that may lead to disclosure of sensitive information. Public documents from NVD, CVE listings, and PT-2024-9646 describe the affected soft...

CVSS 4.3 · AI score 6.8 · EPSS 0.00214
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/12/06 3:57 p.m. · 12 views

CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...

CVSS 5.3 · AI score 6.8 · EPSS 0.00267
Exploits: 0 · References: 1

Cvelist
added 2022/10/03 3:31 p.m. · 11 views

CVE-2022-41443

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php...

AI score 9.9 · EPSS 0.01569
Exploits: 1 · References: 1

Japan Vulnerability Notes
added 2022/07/20 8:28 a.m. · 3 views

Multiple vulnerabilities in Cybozu Office

Overview: Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839, CyVDB-2300, CyVDB-3109: Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283. CyVDB-1795: Operation restriction bypass vulnerability in Project CWE-285 - CVE-2022-32544...

CVSS 6.5 · AI score 7 · EPSS 0.00203
Exploits: 0 · References: 30

Positive Technologies
added 2020/10/21 12:0 a.m. · 3 views

PT-2020-4723 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the Clientless SSL VPN WebVPN of Cisco Adaptive Securit...

CVSS 4.7 · AI score 4.8 · EPSS 0.00363
Exploits: 0 · References: 5

OSV
added 2020/06/26 3:15 p.m. · 0 views

DEBIAN-CVE-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00428
Exploits: 0 · References: 1

Cvelist
added 2020/03/24 8:4 p.m. · 14 views

CVE-2020-6982

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution...

AI score 9.1 · EPSS 0.00197
Exploits: 0 · References: 1

Exploit DB
added 2019/11/21 12:0 a.m. · 381 views

Network Management Card 6.2.0 - Host Header Injection

Exploit Title: Network Management Card 6.2.0 - Host Header Injection Google Dork: Date: 2019-11-21 Exploit Author: Amal E Thamban,Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link: https://www.apc.com/shop/in/en/products/Network-Management-Card Version: v6.2.0 Tested on: Kali...

AI score 7.4
Exploits: 0

NVD
added 2019/07/29 3:15 p.m. · 12 views

CVE-2019-1020006

invenio-app before 1.1.1 allows host header injection...

CVSS 6.1 · AI score 6.5 · EPSS 0.00226
Exploits: 1 · References: 1