884 matches found
Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)
Summary A HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14807 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...
PT-2026-28126
Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 Description The software is susceptible to HTTP header injection due to inadequate input validation of the HOST headers. This could enable an attacker to perform various...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.6)
The version of AOS installed on the remote host is prior to 7.3.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.6 advisory. - The email module, specifically the BytesGenerator class, didn't properly quote newlines for email headers when serializing ...
USN-8018-3: Python 2.7 vulnerabilities
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...
CVE-2026-3632
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where...
UBUNTU-CVE-2026-1527
ImpactWhen an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences \r\n to: Inject arbitrary HTTP headers Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services Redis, Memcached, Elasticsearch The...
CVE-2025-13213 Multiple vulnerabilities in IBM Aspera Orchestrator
IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...
CVE-2025-36227 Multiple vulnerabilities in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijackin...
Medium: python
Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...
HTTP Header Injection
Overview @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to HTTP Header Injection via the mailer component. An attacker can gain unauthorized access to reset...
Linux Distros Unpatched Vulnerability : CVE-2026-27810
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection...
SUSE-SU-2026:0767-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. - CVE-2025-1528...
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
UBUNTU-CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
EUVD-2026-9056
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810 calibre Vulnerable to HTTP Response Header Injection
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
Security update for python311
This update for python311 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2025-12781: inadequate parameter check can cause data integrity issues bsc1257108. CVE-2025-15282:...
Security update for python312
This update for python312 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...
Security update for python313
This update for python313 fixes the following issues: Update to Python 3.13.12 CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can...
SUSE SLES15: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:0590-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0590-1 advisory. - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel...