27 matches found
PT-2026-42364
Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
CVE-2026-35601 Vikunja has an iCalendar Property Injection via CRLF in CalDAV Task Output
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar propert...
EUVD-2017-17731
Malware in sbrugna...
EUVD-2016-8872
Malware in sbrugna...
EUVD-2005-2062
Malware in sbrugna...
EUVD-2018-4447
Malware in sbrugna...
EUVD-2021-24064
Malware in sbrugna...
Ivanti Policy Secure 22.x XSS Vulnerability
The Ivanti Policy Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim's browser, thereby leading to a cross-site scripting attack. Note that...
Ivanti Connect Secure 9.x / 22.x XSS Vulnerability
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by a CRLF vulnerability. This vulnerability allows an authenticated high-privileged user to inject malicious code on a victim's browser, thereby leading to a cross-site scripting attack. Note that...
CVE-2021-37499
CRLF vulnerability in Reprise License Manager RLM web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers...
Crlf injection
CRLF vulnerability in Reprise License Manager RLM web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers...
CVE-2021-37499
The CVE-2021-37499 entry describes a CRLF injection vulnerability in Reprise License Manager (RLM) web interface up to version 14.2BL4, located in the password parameter of the View License Result function. The underlying issue is unsanitized user input that allows remote attackers to inject arbi...
Arsenal - Recon Tool installer
Arsenal is a simple Bash shell script used to install the most important tools and requirements for your environment, saving the time spent installing all these tools. Tools in Arsenal Name | description ---|--- Amass | The OWASP Amass Project performs network mapping of attack surfaces and external...
GHSA-9CX9-X2GP-9QVH CRLF vulnerability in Fiber
Impact: The filename that is given in c.Attachment is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...
CRLF vulnerability in Fiber
Impact: The filename that is given in c.Attachment is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...
CVE-2021-0268 Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-Web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the...
CVE-2019-13609 - CRLF Vulnerability in Citrix License Server for Windows and VPX
Description of Problem: A Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or modify license server data of an existing...
CVE-2020-15111 CRLF vulnerability in Fiber
In Fiber before version 1.12.6, the filename that is given in c.Attachment (https://docs.gofiber.io/ctxattachment) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the...