Lucene search
K

3241 matches found

EUVD
EUVD
added 2026/05/04 2:40 p.m.9 views

EUVD-2026-26965

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 2:40 p.m.9 views

CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/04 2:40 p.m.6 views

CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS
Exploits0
CVE
CVE
added 2026/05/04 2:40 p.m.55 views

CVE-2026-33523

CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/04 2:40 p.m.123 views

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

0.00436EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/04 2:40 p.m.4 views

CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.66 and earlier contain security vulnerabilities, which stem fro...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.5 views

RHCOS 3 : jenkins (RHSA-2016:0711)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0711 advisory. - jenkins: Remote code execution vulnerability in remoting module SECURITY-232 CVE-2016-0788 - jenkins: HTTP response splitting...

10CVSS7.2AI score0.82697EPSS
Exploits25References15
Kaspersky
Kaspersky
added 2026/05/04 12:0 a.m.13 views

KLA91019 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...

9.8CVSS6.4AI score0.4581EPSS
Exploits18References3
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.10 views

RHCOS 6 : Red Hat OpenShift Enterprise 1.1 update (Important) (RHSA-2013:0220)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0220 advisory. - Origin: rhc-chk.rb password exposure in log files CVE-2012-5658 - Jenkins: HTTP response splitting CVE-2012-6072 - Jenkins: open...

7.5CVSS5.8AI score0.04458EPSS
Exploits2References52
OSV
OSV
added 2026/05/03 9:58 a.m.9 views

OESA-2026-2194 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.8AI score0.00461EPSS
Exploits0References10
OSV
OSV
added 2026/05/03 9:58 a.m.7 views

OESA-2026-2193 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.7AI score0.00461EPSS
Exploits0References10
OSV
OSV
added 2026/05/03 9:57 a.m.8 views

OESA-2026-2192 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.7AI score0.00461EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/24 7:20 p.m.10 views

HTTP Response Splitting

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the isFormData and getHeaders handling in the HTTP request path. An attacker can inject arbitrary request headers by supplying a...

9.1CVSS5.7AI score0.00394EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 8:25 p.m.12 views

HTTP Response Splitting

Overview i18next-http-middleware is an i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to HTTP Response Splitting via the lng parameter, which is passed through to the...

8.8CVSS5.6AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 8:25 p.m.10 views

GHSA-C3H8-G69V-PJRG i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 8:25 p.m.15 views

i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/14 11:27 p.m.5 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.4 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Rows per page
Query Builder