
33 matches found

Cvelist
added 2025/12/16 12:19 a.m. | views: 26

CVE-2025-67735 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...

CVSS 6.5 | EPSS 0.00024
Exploits 1 | References 1

OSV
added 2025/12/15 11:28 p.m. | views: 1

GHSA-84H7-RJJ3-6JX4 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder

Summary The io.netty.handler.codec.http.HttpRequestEncoder CRLF injection with the request uri when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the uri. Details The HttpRequestEncoder simply UTF8 encodes the uri without...

CVSS 6.5 | AI score 7.2 | EPSS 0.00024
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2018-15504

Malware in sbrugna...

CVSS 7.8 | AI score 7.9 | EPSS 0.00058
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2018-0026

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00511
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2017-16485

Malware in sbrugna...

CVSS 6.8 | AI score 5.6 | EPSS 0.07798
Exploits 4 | References 3

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2024-33766

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 5.6 | EPSS 0.01153
Exploits 1 | References 1

RedhatCVE
added 2025/09/11 1:23 p.m. | views: 3

CVE-2025-9161

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVSS 7.3 | AI score 7.4 | EPSS 0.00179
Exploits 0 | References 1

CVE
added 2025/09/09 12:57 p.m. | views: 11

CVE-2025-9161

CVE-2025-9161 affects the FactoryTalk Optix MQTT broker. The vulnerability stems from insufficient URI sanitization, which allows loading of remote Mosquito plugins and can lead to remote code execution. Documented impact is remote code execution; exploitation details are not provided in the supp...

CVSS 8.8 | AI score 7.3 | EPSS 0.00179
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/09/09 12:57 p.m. | views: 2

CVE-2025-9161 Rockwell Automation FactoryTalk Optix Remote Code Execution Vulnerability

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVSS 7.3 | AI score 7.3 | EPSS 0.00179
Exploits 0 | References 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2018-7753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Usi...

CVSS 9.8 | AI score 8.2 | EPSS 0.00511
Exploits 0 | References 2

RedHat Linux
added 2025/05/13 2:0 p.m. | views: 1

php: Configuring a proxy in a stream context might allow for CRLF injection in URIs

A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...

CVSS 7.2 | AI score 5.8 | EPSS 0.01153
Exploits 1 | References 5

OSV
added 2025/01/14 7:20 p.m. | views: 9

BIT-PHP-MIN-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 | AI score 7.3 | EPSS 0.01153
Exploits 1 | References 4

SUSE CVE
added 2024/11/26 4:10 a.m. | views: 1

SUSE CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 4.8 | AI score 7.1 | EPSS 0.01153
Exploits 1 | References 12

OSV
added 2024/11/24 1:15 a.m. | views: 2

AZL-53486 CVE-2024-11234 affecting package php for versions less than 8.3.14-1

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 | AI score 6.5 | EPSS 0.01153
Exploits 1 | References 1

OSV
added 2024/11/24 1:15 a.m. | views: 13

CVE-2024-11234

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVSS 7.2 | AI score 6.8
Exploits 0 | References 3

CVE
added 2024/11/24 12:57 a.m. | views: 308

CVE-2024-11234

The CVE-2024-11234 entry concerns HTTP request smuggling via PHP streams when a proxy is configured and the request_fulluri option is used. Affected PHP versions are 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. The vulnerability arises from improper URI sanitization in strea...

CVSS 7.2 | AI score 5.4 | EPSS 0.01153
Exploits 1 | References 3 | Affected Software 1

OSV
added 2023/08/01 7:53 a.m. | views: 0

USN-6263-1 openjdk-8, openjdk-lts, openjdk-17 vulnerabilities

Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. CVE-2023-22006 Eirik Bjørsnøs discovered that...

CVSS 7.5 | AI score 6.7 | EPSS 0.00143
Exploits 0 | References 8

OSV
added 2023/05/16 1:9 p.m. | views: 1

USN-6077-1 openjdk-8, openjdk-lts, openjdk-17, openjdk-20 vulnerabilities

Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2023-21930 It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could...

CVSS 7.4 | AI score 6.8 | EPSS 0.02108
Exploits 1 | References 8

SUSE CVE
added 2023/02/15 4:29 a.m. | views: 1

SUSE CVE-2018-7753

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

CVSS 9.8 | AI score 7 | EPSS 0.00511
Exploits 0 | References 3

Veracode
added 2022/06/13 7:19 p.m. | views: 23

Cross-site Scripting (XSS)

firefox is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of URI in CSS stylesheets allowing an attacker to inject maliciously crafted script into the system...

CVSS 6.5 | AI score 7.2 | EPSS 0.00065
Exploits 0 | References 5 | Affected Software 6