Lucene search
+L

884 matches found

cve
cve
added 2026/02/17 7:35 p.m.16 views

CVE-2025-27901

CVE-2025-27901 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. The vulnerability stems from improper validation of input in the HOST header, enabling HTTP header injection. This could allow an attacker to perform cross-site scripting, cache poisoning, or session hijacking against the...

6.5CVSS5.4AI score0.00168EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/17 12:0 a.m.15 views

PT-2026-20234

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to HTTP header injection due to insufficient input validation of the HOST headers. This flaw potentially enables...

6.5CVSS5.4AI score0.00168EPSS
Exploits0References3
nessus
nessus
added 2026/02/17 12:0 a.m.6 views

SHARP MFPs HTTP Header Injection (CVE-2024-47549)

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. This plugin only works wi...

7.4CVSS5.5AI score0.00338EPSS
Exploits0References4
openvas
openvas
added 2026/02/12 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-8020-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS5.5AI score0.00312EPSS
Exploits2References2
nessus
nessus
added 2026/02/05 12:0 a.m.4 views

EPSON Printers HTTP Request/Response Splitting (CVE-2018-0689)

HTTP header injection vulnerability in SEIKO EPSON printers and scanners DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, EP-30VA firmware versions released prior to...

8.8CVSS8.2AI score0.01642EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/04 9:21 p.m.3 views

CVE-2024-51451 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS5.6AI score0.00219EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/04 9:21 p.m.26 views

CVE-2024-51451 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS0.00219EPSS
Exploits0References1
packetstorm
packetstorm
added 2026/02/02 12:0 a.m.158 views

📄 Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...

5.3CVSS5.4AI score0.0036EPSS
Exploits1
osv
osv
added 2026/01/28 4:16 p.m.6 views

AZL-76370 CVE-2026-1536 affecting package libsoup for versions less than 3.4.4-12

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS6.1AI score0.00298EPSS
Exploits1References1
nessus
nessus
added 2026/01/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into t...

5.8CVSS6.3AI score0.00298EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/01/27 12:0 a.m.8 views

Gakido injection vulnerability

Gakido is a high-performance HTTP client developed by Happy Hacking Space. Versions of Gakido prior to 0.1.1 contained an injection vulnerability. This vulnerability stemmed from CRLF sequences present in the header values and names provided by users, which could lead to HTTP header injection...

5.3CVSS5.8AI score0.0036EPSS
Exploits1References3
osv
osv
added 2026/01/26 2:50 p.m.14 views

BIT-PYTHON-2026-0672 Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.9AI score0.00401EPSS
Exploits0References10
nessus
nessus
added 2026/01/26 12:0 a.m.9 views

openSUSE 16 Security Update : busybox (openSUSE-SU-2026:20090-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20090-1 advisory. Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence...

6.5CVSS6AI score0.00285EPSS
Exploits1References8
osv
osv
added 2026/01/22 4:57 p.m.3 views

SUSE-SU-2026:20134-1 Security update for busybox

This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIGFIRSTSYSTEMID to 201 to avoid confclict bsc1236670 - Fix unshar...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References7
osv
osv
added 2026/01/22 4:45 p.m.3 views

OPENSUSE-SU-2026:20090-1 Security update for busybox

This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIGFIRSTSYSTEMID to 201 to avoid confclict bsc1236670 - Fix unshar...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References6
osv
osv
added 2026/01/20 10:15 p.m.5 views

UBUNTU-CVE-2026-0672

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.8AI score0.00401EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/01/20 9:26 p.m.4 views

CVE-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS
Exploits0References15
nessus
nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.261-2.6.22.1.AXS4 (AXSA:2020-002:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-002:03 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

8.3CVSS6.7AI score0.0623EPSS
Exploits0References9
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

8.3CVSS6.7AI score0.0623EPSS
Exploits0References14
nessus
nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.151-1.b12.el7 (AXSA:2017-2339:07)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2339:07 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

9.6CVSS6.8AI score0.16181EPSS
Exploits2References15
Rows per page
Query Builder