Lucene search
K

546 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014298)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014298 advisory. A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured a...

5.8CVSS5.7AI score0.00312EPSS
Exploits1References4
OSV
OSV
added 2026/04/22 8:25 p.m.10 views

GHSA-C3H8-G69V-PJRG i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33702

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9CVSS5.9AI score0.00277EPSS
Exploits0References4
NVD
NVD
added 2026/04/16 3:16 a.m.4 views

CVE-2026-6351

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

8.7CVSS0.00591EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 2:39 a.m.37 views

CVE-2026-6351 Openfind|MailGates/MailAudit - CRLF Injection

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

8.7CVSS0.00591EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/15 8:4 a.m.10 views

HTTP client proxy tunnel headers not validated for CR/LF

...

5.7CVSS7.3AI score0.00562EPSS
Exploits0
Snyk
Snyk
added 2026/04/14 11:27 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 6:21 p.m.5 views

CVE-2026-1502

A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters carriage return and line feed from being included in HTTP client proxy tunnel headers or host fields...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/10 9:22 p.m.3 views

CVE-2026-39983

A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed CRLF sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...

8.6CVSS6AI score0.02185EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/10 6:31 p.m.3 views

EUVD-2026-21519

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 6:16 p.m.6 views

UBUNTU-CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/10 6:16 p.m.3 views

CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 5:54 p.m.11 views

PSF-2026-15

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References9
CVE
CVE
added 2026/04/10 5:54 p.m.48 views

CVE-2026-1502

The CVE-2026-1502 entry concerns CR/LF bytes not being rejected by HTTP client proxy tunnel headers or host, as described in both the CVE record and the CVE-List entry. The connected documents indicate this is related to HTTP client proxy tunnel header validation, without providing specific affec...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/10 5:54 p.m.6 views

CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/04/10 5:54 p.m.4 views

CVE-2026-1502

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.2AI score0.00562EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/10 5:54 p.m.64 views

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS0.00562EPSS
Exploits0References9
CVE
CVE
added 2026/04/10 4:8 p.m.16 views

CVE-2026-35601

CVE-2026-35601 affects Vikunja prior to 2.3.0 where the CalDAV output generator concatenates iCalendar VTODO fields without RFC 5545 escaping. User-controlled task titles containing CRLF can break the SUMMARY boundary, enabling injection of arbitrary iCalendar properties such as ATTACH, VALARM, o...

4.1CVSS5.9AI score0.00196EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 3:40 p.m.4 views

CVE-2026-34478 Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.htmlRFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect user...

6.9CVSS5.8AI score0.00831EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/10 3:35 p.m.10 views

Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output

Summary The CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar property boundary, allowing injection of arbitrary iCalendar properties such as...

4.1CVSS5.9AI score0.00196EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder