Lucene search
+L

884 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 5:41 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)

Summary A HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14807 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...

6.5CVSS5.7AI score0.00221EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-28126

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 Description The software is susceptible to HTTP header injection due to inadequate input validation of the HOST headers. This could enable an attacker to perform various...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.6 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.6)

The version of AOS installed on the remote host is prior to 7.3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.6 advisory. - The email module, specifically the BytesGenerator class, didn't properly quote newlines for email headers when serializing ...

7.5CVSS7AI score0.64718EPSS
Exploits1References6
Ubuntu
Ubuntu
added 2026/03/19 5:20 a.m.14 views

USN-8018-3: Python 2.7 vulnerabilities

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...

6.3CVSS7.2AI score0.00708EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/17 9:44 a.m.4 views

CVE-2026-3632

A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...

3.9CVSS5.8AI score0.00207EPSS
Exploits1References4
OSV
OSV
added 2026/03/12 9:16 p.m.15 views

UBUNTU-CVE-2026-1527

ImpactWhen an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences \r\n to: Inject arbitrary HTTP headers Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services Redis, Memcached, Elasticsearch The...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 8:15 p.m.31 views

CVE-2025-13213 Multiple vulnerabilities in IBM Aspera Orchestrator

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 7:57 p.m.5 views

CVE-2025-36227 Multiple vulnerabilities in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References1
Amazon
Amazon
added 2026/03/06 12:0 a.m.5 views

Medium: python

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

6CVSS5.9AI score0.0055EPSS
Exploits0
Snyk
Snyk
added 2026/03/05 9:30 p.m.3 views

HTTP Header Injection

Overview @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to HTTP Header Injection via the mailer component. An attacker can gain unauthorized access to reset...

9.3CVSS5.8AI score0.00352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27810

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection...

6.4CVSS5.9AI score0.00206EPSS
Exploits1References3
OSV
OSV
added 2026/03/03 1:5 p.m.4 views

SUSE-SU-2026:0767-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. - CVE-2025-1528...

6.3CVSS6AI score0.0055EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2026/02/27 8:21 p.m.6 views

CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...

6.4CVSS6AI score0.00206EPSS
Exploits1References2
OSV
OSV
added 2026/02/27 8:21 p.m.7 views

UBUNTU-CVE-2026-27810

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...

6.4CVSS5.9AI score0.00206EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/27 7:44 p.m.6 views

EUVD-2026-9056

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...

6.4CVSS6AI score0.00206EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/27 7:44 p.m.5 views

CVE-2026-27810 calibre Vulnerable to HTTP Response Header Injection

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...

6.4CVSS6AI score0.00206EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2026/02/27 3:14 p.m.6 views

Security update for python311

This update for python311 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. CVE-2025-15282:...

8.7CVSS6AI score0.0055EPSS
Exploits1References28
SUSE Linux
SUSE Linux
added 2026/02/25 4:28 p.m.4 views

Security update for python312

This update for python312 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
SUSE Linux
SUSE Linux
added 2026/02/25 4:27 p.m.11 views

Security update for python313

This update for python313 fixes the following issues: Update to Python 3.13.12 CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.5 views

SUSE SLES15: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:0590-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0590-1 advisory. - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel...

6CVSS7.2AI score0.00463EPSS
Exploits0References14
Rows per page
Query Builder