
29 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-0076

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.01484 EPSS
Exploits 1, References 11

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in processheaders function in...

7.5 CVSS, 7.4 AI score, 0.01484 EPSS
Exploits 1, References 2

IBM Security Bulletins
added 2024/12/02 4:8 p.m., 22 views

Security Bulletin: Multiple vulnerabilities in Python affect IBM Robotic Process Automation

Summary: Multiple vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details: CVEID: CVE-2019-11236 DESCRIPTION: Python urllib...

6.5 CVSS, 6.7 AI score, 0.00575 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2024/11/21 11:47 a.m., 18 views

Security Bulletin: IBM SPSS Analytic Server is affected by vulnerability in Netty (CVE-2022-41915)

Summary: Netty is used by IBM SPSS Analytic Server. The latest patch includes Netty 4.1.109.Final to fix the vulnerability. Vulnerability Details: CVEID: CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an...

6.5 CVSS, 6.4 AI score, 0.00497 EPSS
Exploits 1, Affected Software 1

NVD
added 2023/01/03 5:15 p.m., 13 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.4 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits 0, References 1

Prion
added 2023/01/03 5:15 p.m., 18 views

Crlf injection

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.8 CVSS, 5.5 AI score, 0.00271 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/01/03 4:58 p.m., 10 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.4 CVSS, 7 AI score, 0.00271 EPSS
Exploits 0, References 1

CVE
added 2023/01/03 4:58 p.m., 44 views

CVE-2022-42471

FortiWeb is affected by CVE-2022-42471 due to improper neutralization of CRLF sequences in HTTP headers (HTTP Response Splitting). The issue affects FortiWeb versions 7.0.0–7.0.2, 6.4.0–6.4.2, and 6.3.6–6.3.20, allowing an authenticated, remote attacker to inject arbitrary headers. Root cause: im...

5.4 CVSS, 5.6 AI score, 0.00271 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/01/03 4:58 p.m., 17 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary...

5.4 CVSS, 5.8 AI score, 0.00271 EPSS
Exploits 0, References 1

Fortinet
added 2023/01/03 12:0 a.m., 59 views

FortiWeb - header injection in FortiWeb API

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 In FortiWeb API may allow an authenticated and remote attacker to inject arbitrary headers...

4.4 AI score
Exploits 0, Affected Software 1

Github Security Blog
added 2020/04/03 3:23 p.m., 107 views

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting')

Impact: Cross Site Scripting, Cache Poisoning, Page Hijacking. Patches: This was fixed in version 2.2.1. Workarounds: If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References: CWE-113: Improper...

9.8 CVSS, 0.1 AI score, 0.00451 EPSS
Exploits 1, References 5, Affected Software 1

Packet Storm
added 2020/02/21 12:0 a.m., 133 views

D-Link DGS-1250 Header Injection

D-Link DGS-1250 header injection vulnerability. The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview: D-Link DGS-1250 switch is susceptible to a header injection...

Exploits 0

OSV
added 2019/12/06 6:55 p.m., 18 views

GHSA-35FR-H7JR-HH86 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...

6.5 CVSS, 6.4 AI score, 0.00416 EPSS
Exploits 0, References 1

Github Security Blog
added 2019/10/21 4:8 p.m., 31 views

io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' Versions of Ratpack 0.9.1 through and including 1.7.4 are vulnerable to HTTP Response Splitting, if untrusted and unsanitized data is used to populate the headers of an HTTP response. An attacker can...

7.5 CVSS, 0.7 AI score, 0.0125 EPSS
Exploits 0, References 7, Affected Software 1

seebug.org
added 2018/07/30 12:0 a.m., 563 views

Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability (CVE-2018-3911)

Summary: An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...

0.5 AI score, 0.00639 EPSS
Exploits 2

OSV
added 2018/07/12 8:30 p.m., 22 views

GHSA-32PC-XPHX-Q4F6 Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

8.7 CVSS, 7.4 AI score, 0.01484 EPSS
Exploits 1, References 9

Github Security Blog
added 2018/07/12 8:30 p.m., 56 views

Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5 CVSS, 3.2 AI score, 0.01484 EPSS
Exploits 1, References 8, Affected Software 1

Prion
added 2018/04/18 7:29 p.m., 13 views

Design/Logic Flaw

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

5 CVSS, 7.4 AI score, 0.01484 EPSS
Exploits 1, References 5, Affected Software 2

OSV
added 2018/04/18 7:29 p.m., 25 views

PYSEC-2018-55

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5 CVSS, 2.9 AI score, 0.01484 EPSS
Exploits 1, References 6

OSV
added 2018/04/18 7:29 p.m., 12 views

CVE-2018-1000164

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5 CVSS, 7.8 AI score
Exploits 0, References 5