Lucene search
+L

130 matches found

Snyk
Snyk
added 2026/05/08 8:49 p.m.14 views

HTTP Response Splitting

Overview eventsource-encoder is an Encodes events as well-formed EventSource/Server Sent Event SSE messages Affected versions of this package are vulnerable to HTTP Response Splitting via unsanitized event and id fields in the encoding process. An attacker can inject arbitrary Server-Sent Events...

6.9CVSS6AI score0.00277EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/05 10:17 p.m.18 views

Allocation of Resources Without Limits or Throttling

Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 8:25 p.m.11 views

GHSA-C3H8-G69V-PJRG i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 3:45 p.m.32 views

CVE-2026-24468 OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Reset API

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the syste...

5.3CVSS0.00294EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/14 11:27 p.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.12 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 7:22 p.m.7 views

GHSA-W8RR-5GCM-PP58 opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

5.3CVSS5.9AI score0.00206EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.13 views

PT-2026-30868

Name of the Vulnerable Software and Affected Versions Vite versions 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4 Description Vite, a frontend tooling framework for JavaScript, allows retrieval of files blocked by server.fs.deny such as .env and .crt files with HTTP 200 responses when specific quer...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References13
OSV
OSV
added 2026/04/01 9:48 p.m.2 views

GHSA-MWH4-6H8G-PG8W AIOHTTP has HTTP response splitting via \r in reason phrase

Summary An attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. Impact In the unlikely situation that an application allows untrusted data to be used in the response's reason parameter, then an attacker could manipulate the...

6.9CVSS5.8AI score0.00292EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/01 9:20 p.m.6 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting in the construction of multipart request headers when untrusted input is used for the contenttype parameter. An attacker can inject arbitrary headers or manipulate HTTP requests by supplying specially crafted...

6.9CVSS6AI score0.00315EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 8:26 p.m.21 views

CVE-2026-34519 AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS0.00292EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 8:26 p.m.2 views

CVE-2026-34519 AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.9AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.16 views

PT-2026-28296

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description HCL Aftermarket DPC is susceptible to an HTTP Response Splitting issue. The impact of this issue depends on how the web application processes split responses, potentially allowing...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/20 4:8 p.m.7 views

CVE-2026-22732

A flaw was found in Spring Security. When applications using Spring Security specify HTTP response headers for servlet applications, these headers may not be written. This can lead to a bypass of security policies or information disclosure, potentially allowing an attacker to gain unauthorized...

9.1CVSS5.6AI score0.0048EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2026-1512)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorit...

9.4CVSS7.7AI score0.01525EPSS
Exploits14References14
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.4 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1345)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to...

7.5CVSS6.7AI score0.01525EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/11 8:40 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via an unbounded read of the HTTP response body during notarization. An attacker can exhaust system memory and cause a crash by supplying a maliciously large HTTP response body if the...

6CVSS5.8AI score0.00088EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 12:38 a.m.6 views

EUVD-2026-11327

Quill has DoS via unbounded read of HTTP response body during notarization...

5.3CVSS5.8AI score0.00088EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/03 7:53 p.m.5 views

EUVD-2025-208250

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 3:16 p.m.16 views

CVE-2026-0689

Affected product/versions: ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10. Vulnerable component: NAC administration interface. Root cause / flaw: Authenticated NAC admin requests return underlying credential values in HTTP responses while UI shows redacted values, enabling recovery of stor...

8.5CVSS6AI score0.00285EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder