Lucene search
+L

43 matches found

cve
cve
added last week17 views

CVE-2026-50188

Kirby CMS is affected in versions prior to 4.9.4 and 5.4.4 where the Kirby\Http\Remote class (Remote::request/Remote::get/Remote::post) can be given untrusted header data. The issue stems from newline characters in header values being passed to the underlying HTTP request, allowing injection of a...

6.9CVSS6AI score0.0029EPSS
Exploits0References5
osv
osv
added last week3 views

CVE-2026-50188 Kirby: Request header injection in `Http\Remote`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS6.2AI score0.0029EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/02 4:2 a.m.17 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.6 views

PT-2026-32610

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References3
osv
osv
added 2026/04/07 2:22 p.m.1 views

CVE-2026-3902 ASGI header spoofing via underscore/hyphen conflation

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS7AI score0.00436EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/03/17 9:44 a.m.3 views

CVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injection

A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the soupmessagenew function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF Carriage Return Line Feed injection, occurs because the method value is not properly...

3.9CVSS5.9AI score0.00223EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/12/05 6:18 p.m.3 views

CVE-2025-66570 cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

10CVSS6.7AI score0.00307EPSS
Exploits1References2
cvelist
cvelist
added 2025/12/05 6:18 p.m.22 views

CVE-2025-66570 cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*)

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

10CVSS0.00307EPSS
Exploits1References2
cvelist
cvelist
added 2025/12/01 2:32 a.m.16 views

CVE-2025-13803 MediaCrush Header paths.py http headers for scripting syntax

A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be...

7.5CVSS0.00305EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/11/20 12:21 a.m.16 views

CVE-2025-51663

A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or brute force share...

7.5CVSS6.9AI score0.00368EPSS
Exploits1References1
hackerone
hackerone
added 2025/11/01 8:40 p.m.24 views

curl: Directory Traversal Vulnerability in cURL via Content-Disposition Header Processing

Vulnerability Description The parsefilename function in src/toolcbhdr.c does not adequately validate and sanitize filenames extracted from HTTP Content-Disposition headers, allowing directory traversal attacks when the -O remote-name and -J remote-header-name options are used together. Vulnerable...

7.2AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-8717

Malware in sbrugna...

7.5CVSS7.6AI score0.03524EPSS
Exploits0References13
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-0215

Malware in sbrugna...

5CVSS6AI score0.04195EPSS
Exploits0References21
cvelist
cvelist
added 2025/05/06 2:55 p.m.28 views

CVE-2025-46814 FastAPI Guard Remote Header Injection via X-Forwarded-For Manipulation

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially...

3.4CVSS0.0029EPSS
Exploits1References2
redhat
redhat
added 2023/02/21 9:26 a.m.4 views

kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR

A buffer management flaw was found in the Linux kernel's NFS server implementation in the NFSv3 READDIR operation handling. A remote client can trigger this issue by crafting an RPC call with an oversized RPC record header, which forces the server to shrink its response buffer allocation. This...

7.3AI score
Exploits0References5
susecve
susecve
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

5CVSS7.1AI score0.01789EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 6:16 a.m.4 views

SUSE CVE-2005-3883

CRLF injection vulnerability in the mbsendmail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds LF in the "To" address argument...

5CVSS7.7AI score0.03052EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1718

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the 1 Subject or 2 To parameter, as demonstrat...

7.8CVSS7.7AI score0.06689EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 5:24 a.m.5 views

SUSE CVE-2014-9650

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...

5CVSS7.6AI score0.02622EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 5:10 a.m.5 views

SUSE CVE-2015-8852

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r carriage return character in conjunction with multiple Content-Length headers in an HTTP...

7.5CVSS7.7AI score0.03524EPSS
Exploits0References3
Rows per page
Query Builder