21 matches found

Cvelist
added 19 hours ago, 10 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 1.10.2. This is due to getreplytoaddress processing the Reply-To...

CVSS 5.3
Exploits: 0, References: 11

OSV
added 2026/05/27 8:42 p.m., 6 views

GHSA-QPMX-3RFJ-7RHV Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

CVSS 7.1, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 6

CNNVD
added 2026/05/05 12:00 a.m., 6 views

Pi-hole injection vulnerability

Pi-hole is a web-level ad blocking application developed by Pi-hole Inc. Versions of Pi-hole prior to 6.6.1 had an injection vulnerability. This vulnerability stemmed from the lack of validation of line breaks in the dns.interface configuration field, allowing attackers to inject arbitrary command...

CVSS 8.8, AI score 6, EPSS 0.00956
Exploits: 1, References: 2

Snyk
added 2026/04/22 2:56 p.m., 5 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

CVSS 8.5, AI score 6.3, EPSS 0.00191
Exploits: 0, References: 3

EUVD
added 2026/04/22 9:31 a.m., 7 views

EUVD-2026-24637

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...

CVSS 5.5, AI score 5.8, EPSS 0.00474
Exploits: 0, References: 6

IBM Security Bulletins
added 2026/03/18 3:48 p.m., 10 views

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary: IBM SPSS Analytic Server is affected by a CRLF injection vulnerability in Netty Codec (CVE-2025-67735). This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-67735. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

CVSS 6.5, AI score 6.5, EPSS 0.00292
Exploits: 1, Affected Software: 1

Cvelist
added 2026/02/10 3:02 a.m., 29 views

CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVSS 3.4, EPSS 0.00164
Exploits: 0, References: 2

Debian
added 2026/02/05 7:43 p.m., 8 views

[SECURITY] [DSA 6119-1] openjdk-25 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6119-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2026 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 6, EPSS 0.00864
Exploits: 1

Snyk
added 2026/01/20 9:52 p.m., 1 view

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the http.cookies.Morsel field. An attacker can manipulate HTTP responses by injecting arbitrary headers through user-controlled cookie values or parameters. Remediation A fix was pushed into the master branch but not...

CVSS 7.5, AI score 6, EPSS 0.00401
Exploits: 0, References: 2

OSV
added 2025/10/23 3:15 p.m., 1 view

CVE-2025-56007

CRLF injection in KeeneticOS before 4.3 at the "/auth" API endpoint allows attackers to take over the device by adding additional users with full permissions, by getting the victim to open a page containing the exploit...

CVSS 6.5, AI score 5.8, EPSS 0.0031
Exploits: 1, References: 2

OSV
added 2025/09/19 9:57 a.m., 4 views

BIT-JENKINS-2025-59476

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...

CVSS 5.3, AI score 6.8, EPSS 0.00335
Exploits: 0, References: 3

CNNVD
added 2025/08/12 12:00 a.m., 3 views

SAP S/4HANA injection vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An injection vulnerability exists in SAP S/4HANA that stems from CRLF injection and could lead to bypassing the allowed list...

CVSS 4.3, AI score 6.9, EPSS 0.00229
Exploits: 0, References: 2

Github Security Blog
added 2025/08/11 11:07 p.m., 10 views

Litestar has potential log injection in exception logging

Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or logexceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...

AI score 7.3
Exploits: 0, References: 3, Affected Software: 1

Amazon
added 2025/02/25 12:00 a.m., 10 views

Medium: php

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

CVSS 9.8, AI score 8.4, EPSS 0.02286
Exploits: 6

Positive Technologies
added 2023/09/11 12:00 a.m., 5 views

PT-2023-20520 · Crow · Crow

Name of the Vulnerable Software and Affected Versions: crow, affected versions not specified. Description: The issue concerns HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set header and add...

CVSS 6.5, AI score 6.2, EPSS 0.0045
Exploits: 1, References: 8

CNNVD
added 2023/04/17 12:00 a.m., 5 views

Slim psr7 security vulnerability

SLiM Simple Login Manager is a simple, lightweight and easily configurable login manager. A security vulnerability exists in Slim psr7 versions prior to 1.6.1, which originates from an attacker being able to include line breaks in header names and values...

CVSS 6.5, AI score 6.9, EPSS 0.00743
Exploits: 0, References: 4

CNNVD
added 2022/03/21 12:00 a.m., 20 views

PSR-7 Message Implementation input validation error vulnerability

PSR-7 Message Implementation is a complete PSR-7 message implementation. An input validation error vulnerability exists in PSR-7 Message Implementation version 1.8.3 and earlier and in psr7 from version 2.0.0 through 2.1.0. An attacker can add a new line of characters and pass untrusted values...

CVSS 7.5, AI score 7.2, EPSS 0.02384
Exploits: 0, References: 9

RedHat Linux
added 2020/04/01 8:39 a.m., 5 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVSS 6.1, AI score 6.7, EPSS 0.05328
Exploits: 1, References: 4

CNVD
added 2019/11/27 12:00 a.m., 1 view

Ruby has an unspecified vulnerability (CNVD-2020-12798)

Ruby is a simple and fast object-oriented scripting language. An unspecified vulnerability exists in Ruby. An attacker could exploit the vulnerability by inserting line breaks to split headers and inject malicious content to spoof the client...

CVSS 5.3, AI score 5.6, EPSS 0.04569
Exploits: 0, References: 1

RedHat Linux
added 2012/05/21 2:21 p.m., 2 views

postgresql: SQL injection due to unsanitized newline characters in object names

CRLF injection vulnerability in pgdump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQ...

CVSS 6.8, AI score 7.5, EPSS 0.0257
Exploits: 1, References: 4