CVE-2026-47242 Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

CVE-2026-47242

Net::IMAP (Ruby) CVE-2026-47242 affects versions before 0.6.5 and 0.5.15. The vulnerability arises because Net::IMAP#id (with a hash argument) and Net::IMAP#enable do not properly validate arguments, allowing CRLF or atom-list injections and causing the #to_s value to be sent verbatim. An attacke...

Medium: perl-HTTP-Tiny

Issue Overview: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker w...

Medium: perl-HTTP-Tiny

Issue Overview: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker w...

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

OESA-2026-2374 perl-HTTP-Tiny security update

This is a very simple HTTP/1.1 client, designed for doing simple requests without the overhead of a large framework like LWP::UserAgent. Security Fixes: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are...

SUSE SLES15 Security Update : python39 (SUSE-SU-2026:1818-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1818-1 advisory. Security issues fixed: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base6...

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

DEBIAN-CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

PT-2026-39866

Name of the Vulnerable Software and Affected Versions HTTP::Tiny versions prior to 0.093 Description Perl HTTP::Tiny fails to validate CRLF Carriage Return Line Feed sequences in HTTP request lines or control field header values. The issue involves unvalidated inputs including the method and URI ...

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

CVE-2026-29085

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as...

MiracleLinux 7 : php-5.4.16-48.0.10.el7.AXS7 (AXSA:2025-10839:09)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10839:09 advisory. CVE-2025-1736: fix incorrect validation of CRLF in http headers CVEs: CVE-2025-1736 In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. befor...

SMTP Injection

Jakarta Mail is vulnerable to SMTP injection. The vulnerability is due to improper input validation of SMTP message fields of raw carriage return and line feed \r and \n UTF-8 characters in headers and parameters, An attackers can exploit this to inject additional SMTP commands or split messages ...

CLSA-2025-1756323821 php: Fix of CVE-2025-1736

CVE-2025-1736: fix incorrect validation of CRLF in http headers...

CLSA-2025-1756322698 php: Fix of CVE-2025-1736

CVE-2025-1736: fix incorrect validation of CRLF in http headers...