4177 matches found
CVE-2026-43966
CVE-2026-43966 describes a HTTP Response Splitting flaw in the Erlang/cowlib component, where cow_http_struct_hd:escape_string/2 only escapes backslash and quote, allowing CRLF injection into structured HTTP header values. The mismatch between the encoder (allows any byte) and the parser (accepts...
EUVD-2026-35131
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...
CVE-2026-49756
CVE-2026-49756 describes a CRLF injection in Req.Utils.encode_form_part/2 of the Elixir Req library. User-controlled name, filename, or content_type are interpolated into Content-Disposition and Content-Type without escaping, allowing CRLFs to terminate header lines and add smuggled parts. This e...
CVE-2026-49756
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...
CVE-2026-49756 Multipart form-data header injection in Req via unescaped name/filename/content_type
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
ExponentCMS <= 2.6 - Host Header Injection
An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...
curl: libcurl: HTTP/1.x bare LF byte in response header value enables cookie jar pollution and POST body/credential exfiltration via redirect — RC=0, curl 8
Summary curl's HTTP/1.x response header parser splits header lines using a single memchrbuf, '\n', blen call lib/http.c:4457, with no awareness of whether the current position is inside a quoted-string value. A server response containing any header field whose value embeds a raw LF byte \x0a caus...
CVE-2026-21826
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...
EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-2033)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-2060)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...
CVE-2026-7010
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...
CVE-2026-29199
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...
CVE-2025-8154
In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...
CVE-2026-43935
e107 is a content management system CMS. Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, o...
CVE-2026-32993
Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...
CVE-2026-39971
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipityisResponseClean is not...
CVE-2026-21826
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...
EUVD-2026-34787
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...
CVE-2026-21826 HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...