
244 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. | 9 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

CVSS 7.5 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/25 2:0 p.m. | 6 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

CVSS 6.8 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 5

CVE
added 2026/05/25 2:0 p.m. | 14 views

CVE-2026-47075

CVE-2026-47075 describes a CRLF injection in Hackney’s URL query handling. Hackney does not percent-encode CR/LF characters in the query string before forming the HTTP/1.1 request target, allowing an attacker who controls the URL to inject raw CRLF sequences and potentially perform HTTP header in...

CVSS 7.5 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/05/25 12:0 a.m. | 9 views

PT-2026-43071

Name of the Vulnerable Software and Affected Versions: hackney versions 0 through 4.0.0. Description: Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return \r or line feed \n characters in the URL query component before constructing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00033
Exploits: 1 | References: 7

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in twisted

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

CVSS 9.8 | AI score 6.9 | EPSS 0.02324
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 7 : httpd-2.4.6-98.7.0.1.el7.AXS7 (AXSA:2023-5265:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5265:04 advisory. httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690). Tenable has extracted the preceding description block directly from the MiracleLinu...

CVSS 9.8 | AI score 8.2 | EPSS 0.67011
Exploits: 5 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : squid:4 (AXSA:2021-1405:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1405:01 advisory. squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520); squid: Off-by-one error in addStackElement allows for heap...

CVSS 9.9 | AI score 6.6 | EPSS 0.46309
Exploits: 0 | References: 19

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : squid:4 Security update (AXSA:2020-790:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-790:01 advisory. squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810); squid: HTTP Request Splitting could result in cache poisoning...

CVSS 6.5 | AI score 6.4 | EPSS 0.00185
Exploits: 0 | References: 3

Hacker One
added 2026/01/10 6:58 a.m. | 11 views

curl: CRLF Injection in HTTP header values allows arbitrary header injection

curl allows carriage return \r and line feed \n characters inside HTTP header values. When attacker-controlled data is used in a header value e.g., Authorization: Bearer , curl constructs and sends a malformed HTTP request containing injected headers. This violates HTTP specification RFC 7320 /RFC...

AI score 6.7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-0229

Malware in sbrugna...

CVSS 9.8 | AI score 7.9 | EPSS 0.02327
Exploits: 1 | References: 23

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-2287

Malware in sbrugna...

CVSS 4.3 | AI score 8.9 | EPSS 0.02223
Exploits: 1 | References: 61

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-4094

Malware in sbrugna...

CVSS 7.5 | AI score 8.1 | EPSS 0.00531
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-3545

Malware in sbrugna...

CVSS 6.8 | AI score 8.5 | EPSS 0.05715
Exploits: 0 | References: 46

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-22989

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.6 | EPSS 0.00223
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-41751

Malicious code in bioql PyPI...

CVSS 2.4 | AI score 7.4 | EPSS 0.00222
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/29 10:52 a.m. | 3 views

CVE-2025-11150

...

AI score 6.5
Exploits: 0

RedhatCVE
added 2025/07/31 1:49 p.m. | 1 views

CVE-2025-6175

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVSS 7.2 | AI score 7.3 | EPSS 0.00223
Exploits: 0 | References: 1

NVD
added 2025/07/29 1:15 p.m. | 1 views

CVE-2025-6175

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVSS 7.2 | EPSS 0.00223
Exploits: 0 | References: 1

Cvelist
added 2025/07/29 12:22 p.m. | 5 views

CVE-2025-6175 CRLF Injection in DECE Software's Geodi

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVSS 7.2 | EPSS 0.00223
Exploits: 0 | References: 1

CVE
added 2025/07/29 12:22 p.m. | 11 views

CVE-2025-6175

CVE-2025-6175 describes an Improper Neutralization of CRLF Sequences (CRLF Injection) in DECE Software Geodi that allows HTTP Request Splitting. Affected product: DECE Software Geodi (before GEODI Setup 9.0.146). Root cause documented as improper CRLF handling, enabling split requests. Impact not...

CVSS 7.2 | AI score 6.6 | EPSS 0.00223
Exploits: 0 | References: 1