Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

33334 matches found

EUVD
EUVDadded 2026/05/25 2:0 p.m.7 views

EUVD-2026-31690

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00039EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.5 views

EEF-CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the...

6.9CVSS6AI score0.00039EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.8 views

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00039EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.7 views

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS6AI score0.00039EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.32 views

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

6.9CVSS0.00039EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

9.8CVSS6.8AI score0.03854EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.5 views

CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

6CVSS5.8AI score0.00027EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.4 views

EEF-CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Summary Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3...

6CVSS5.8AI score0.00027EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.29 views

CVE-2026-47070 HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackneyh3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

6CVSS0.00027EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00033EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.32 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS0.00033EPSS
Exploits1References4
EUVD
EUVDadded 2026/05/25 2:0 p.m.9 views

EUVD-2026-31687

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00033EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.12 views

CVE-2026-47066

CVE-2026-47066 describes an Infinite Loop in the Alt-Svc header parser of benoitc’s hackney. The vulnerable component is the Alt-Svc response header parser (src/hackney_altsvc.erl); when parse_token/2 receives certain inputs, it may return the input unchanged, and skip_comma/1 can fail to progres...

8.7CVSS6AI score0.00049EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/25 2:0 p.m.30 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS0.00049EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.5 views

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.00049EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47066

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.00049EPSS
Exploits1References5
EUVD
EUVDadded 2026/05/25 2:0 p.m.8 views

EUVD-2026-31686

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.00049EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 2:0 p.m.4 views

EEF-CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !...

8.7CVSS6AI score0.00049EPSS
Exploits1References4
OSV
OSVadded 2026/05/25 9:5 a.m.3 views

OPENSUSE-SU-2026:20792-1 Security update for perl-HTTP-Tiny

This update for perl-HTTP-Tiny fixes the following issues: Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent header smuggling CVE-2026-7010 bsc1264992 - updated to 0.092 0.092 - No changes from...

6.5CVSS5.8AI score0.00038EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/25 7:52 a.m.9 views

CVE-2026-44572

A flaw was found in Next.js. An external client could exploit this vulnerability by sending a x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This action could cause the middleware or proxy to incorrectly process the request as a data request, replacing...

5.9CVSS5.7AI score0.00008EPSS
Exploits0References4
Rows per page
Query Builder