884 matches found
CVE-2025-27901
CVE-2025-27901 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. The vulnerability stems from improper validation of input in the HOST header, enabling HTTP header injection. This could allow an attacker to perform cross-site scripting, cache poisoning, or session hijacking against the...
PT-2026-20234
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to HTTP header injection due to insufficient input validation of the HOST headers. This flaw potentially enables...
SHARP MFPs HTTP Header Injection (CVE-2024-47549)
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. This plugin only works wi...
Ubuntu: Security Advisory (USN-8020-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EPSON Printers HTTP Request/Response Splitting (CVE-2018-0689)
HTTP header injection vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to...
CVE-2024-51451 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2024-51451 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
📄 Gakido CRLF Injection
A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...
AZL-76370 CVE-2026-1536 affecting package libsoup for versions less than 3.4.4-12
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...
Linux Distros Unpatched Vulnerability : CVE-2026-1536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into t...
Gakido injection vulnerability
Gakido is a high-performance HTTP client developed by Happy Hacking Space. Versions of Gakido prior to 0.1.1 contained an injection vulnerability. This vulnerability stemmed from CRLF sequences present in the header values and names provided by users, which could lead to HTTP header injection...
BIT-PYTHON-2026-0672 Header injection in http.cookies.Morsel
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
openSUSE 16 Security Update : busybox (openSUSE-SU-2026:20090-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20090-1 advisory. Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence...
SUSE-SU-2026:20134-1 Security update for busybox
This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIGFIRSTSYSTEMID to 201 to avoid confclict bsc1236670 - Fix unshar...
OPENSUSE-SU-2026:20090-1 Security update for busybox
This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIGFIRSTSYSTEMID to 201 to avoid confclict bsc1236670 - Fix unshar...
UBUNTU-CVE-2026-0672
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...
CVE-2026-0865 wsgiref.headers.Headers allows header newline injection
User-controlled header names and values containing newlines can allow injecting HTTP headers...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.261-2.6.22.1.AXS4 (AXSA:2020-002:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-002:03 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...
MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...
MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.151-1.b12.el7 (AXSA:2017-2339:07)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2339:07 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...