Lucene search
K

145 matches found

RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-52747

A flaw was found in ModSecurity, an open-source web application firewall WAF. The multipart/form-data request body parser in libmodsecurity incorrectly handles embedded line breaks in non-file form-field values. This discrepancy between ModSecurity and backend applications, which preserve line...

8.6CVSS6.1AI score0.0046EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request bo...

8.6CVSS6AI score0.0046EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits0References3
CVE
CVE
added 4 days ago16 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.0046EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.0046EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:34 p.m.6 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

Etsy::StatsD 安全漏洞

Etsy::StatsD is an open-source application performance monitoring and metric collection component developed by statsd. Etsy::StatsD versions 1.002002 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in metric...

7.5CVSS5.2AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Net::Statsd::Lite 安全漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.13 contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in...

5.3CVSS5.2AI score0.00258EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.10 views

Text::LineFold 安全漏洞

Text::LineFold is a Perl text processing module developed by NEZUMI’s individual developers. Versions of Text::LineFold starting from 2019.001 and earlier contained security vulnerabilities. These vulnerabilities were caused by repeated output based on the number of special line breaks, which cou...

6.2CVSS5.8AI score0.002EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/27 8:42 p.m.12 views

Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

5.8AI score0.00062EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-44136

Description SymfonyComponentMimeAddress is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

7.1CVSS5.8AI score0.00062EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.22 views

BentoML 代码注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/22 2:16 p.m.10 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed potential OOPs in cifsoplockbreak With deferred close, there may be situations where closes occur simultaneously with lease breaks. Additionally, when checking whether to send the lease response, oplockresponse can...

5.3AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.12 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.10.0 have a vulnerability due to the setadd method not checking for line breaks, colons, or pipes, which may lead to metric...

7.3CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have a injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References2
Talos Blog
Talos Blog
added 2026/05/07 6:0 p.m.13 views

Unplug your way to better code

Welcome to this week's edition of the Threat Source newsletter. Hey, you. Yeah, you! The person endlessly scrolling or typing away at their computer. Did you touch grass today? It's just an expression, but if nature's your thing, that works just fine. What I do mean is that due to the nature of t...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.45 views

Gotenberg 参数注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10CVSS5.9AI score0.00611EPSS
Exploits1References1
OSV
OSV
added 2026/04/23 2:19 p.m.9 views

CLSA-2026-1776953969 vim: Fix of CVE-2022-2889

CVE-2022-2889: fix use-after-free with multiple line breaks in Vim9 expression by deferring the free of evalarg-evaltofree...

7.8CVSS7.1AI score0.00497EPSS
Exploits1References1
Rows per page
Query Builder