Lucene search
+L

885 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 3 : perl-5.8.8-32.6.0.1.AXS3 (AXSA:2011-563:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-563:02 advisory. Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is...

7.5CVSS8.1AI score0.13526EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.15 views

CVE-2021-27404

Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...

6.1CVSS7.3AI score0.0087EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.8 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

6.1CVSS6.3AI score0.00546EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.11 views

CVE-2023-50963

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.5CVSS6.4AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.11 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.1CVSS6.3AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.9 views

CVE-2024-39736

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

9.8CVSS6.4AI score0.00366EPSS
Exploits0References1
Amazon
Amazon
added 2026/01/05 12:0 a.m.9 views

Important: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

7.5CVSS6.8AI score0.00403EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/11/26 12:0 a.m.6 views

The vulnerability of Autobahn’s library for implementing asynchronous web sockets and RPC interactions stems from insufficient validation and filtering of input data used to construct HTTP headers. This allows attackers to inject arbitrary headers into HTTP responses.

The vulnerability of the library for implementing asynchronous web sockets and RPC interactions in Autobahn is related to insufficient validation and filtering of input data used to construct HTTP headers. Exploiting this vulnerability allows a malicious actor to inject arbitrary headers into HTT...

6.4CVSS6.5AI score0.01425EPSS
Exploits0References7Affected Software7
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-60876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line to be split an...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References4
Snyk
Snyk
added 2025/11/10 9:42 p.m.6 views

HTTP Header Injection

Overview Affected versions of this package are vulnerable to HTTP Header Injection via the processing of HTTP headers containing underscores, which are normalized to dashes by certain upstream applications. Authenticated users can escalate privileges by injecting specially crafted XForwarded-...

8.5CVSS7.2AI score0.00633EPSS
Exploits0References2
OSV
OSV
added 2025/11/10 8:15 p.m.2 views

DEBIAN-CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS7.2AI score0.00285EPSS
Exploits1References1
CVE
CVE
added 2025/11/10 12:0 a.m.122 views

CVE-2025-60876

CVE-2025-60876 affects BusyBox wget up to 1.3.7. The issue stems from accepting raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target, allowing the request-line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape, a raw s...

6.5CVSS6.5AI score0.00285EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/10/27 8:15 p.m.6 views

CVE-2025-59151

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...

8.2CVSS0.00398EPSS
Exploits1References1
CVE
CVE
added 2025/10/27 7:42 p.m.14 views

CVE-2025-59151

Pi-hole Admin Interface prior to 6.3 is vulnerable to CRLF injection via redirects on requests for files ending with .lp, allowing an attacker to inject arbitrary HTTP response headers and potentially affect session fixation, cache poisoning, and weakening of CSP or X-XSS-Protection. Root cause: ...

8.2CVSS6.9AI score0.00398EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/10/27 7:42 p.m.5 views

CVE-2025-59151 Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...

8.2CVSS7.3AI score0.00398EPSS
Exploits1References3
NVD
NVD
added 2025/10/10 5:15 p.m.9 views

CVE-2025-61689

HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header...

9.2CVSS0.00318EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-13793

Malware in sbrugna...

6.1CVSS5.5AI score0.01581EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2020-26266

Malware in sbrugna...

6.5CVSS6.6AI score0.01322EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2533

Malware in sbrugna...

8.8CVSS8.5AI score0.01381EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-5914

Malware in sbrugna...

4.3CVSS6.4AI score0.01786EPSS
Exploits0References8
Rows per page
Query Builder