
3931 matches found

Snyk
added 2026/04/14 11:27 p.m., 13 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02279
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 5 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02279
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 6 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02279
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 8 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02279
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 8 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02279
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 11 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS: 8.7, AI score: 6.2, EPSS: 0.02279
Exploits: 0, References: 2
Snyk
added 2026/04/10 8:8 p.m., 5 views

HTTP Response Splitting

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary...

CVSS: 9, AI score: 6.1, EPSS: 0.01815
Exploits: 5, References: 2
Snyk
added 2026/04/10 8:8 p.m., 9 views

HTTP Response Splitting

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary headers by...

CVSS: 9, AI score: 5.9, EPSS: 0.01815
Exploits: 5, References: 2
Snyk
added 2026/04/08 12:17 a.m., 4 views

HTTP Response Splitting

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Response Splitting via the setCookie function. An attacker can cause runtime errors and potentially disrupt application behavior by supplying specially crafted input as the cookie...

CVSS: 6.9, AI score: 5.8
Exploits: 0, References: 2
CVE
added 2026/04/06 9:22 p.m., 9 views

CVE-2026-35404

Open edX Platform is affected by CVE-2026-35404 due to an unvalidated redirect_url parameter in the view_survey endpoint. The parameter is passed directly to HttpResponseRedirect(), causing a 302 redirect when a non-existent survey name is requested. The same unvalidated URL is also returned in a...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00223
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2026/04/03 11:43 p.m., 18 views

CVE-2026-34767

CVE-2026-34767 affects Electron before 38.8.6, 39.8.3, 40.8.3, and 41.0.3. It describes HTTP response header injection when apps register custom protocol handlers (protocol.handle / protocol.registerSchemesAsPrivileged) or modify headers via webRequest.onHeadersReceived if attacker-controlled inp...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00211
Exploits: 0, References: 1, Affected Software: 1
Snyk
added 2026/04/01 9:48 p.m., 4 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the reason parameter in the HTTP response creation process. An attacker can inject unauthorized headers or manipulate the HTTP response by supplying specially crafted input containing carriage return...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00292
Exploits: 0, References: 2
Vulnrichment
added 2026/04/01 8:26 p.m., 3 views

CVE-2026-34519 AIOHTTP: HTTP response splitting via \r in reason phrase

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

CVSS: 6.9, AI score: 5.7, EPSS: 0.00292
Exploits: 0, References: 3
OpenVAS
added 2026/03/30 12:0 a.m., 10 views

Fedora: Security Advisory (FEDORA-2026-c5273647fa)

The remote host is missing an update for the...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00187
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/28 12:0 a.m., 5 views

Fedora 43 : mongo-c-driver (2026-cc129df978)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cc129df978 advisory. - Fix handling in HTTP response parser CVE-2026-4359 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS: 3.7, AI score: 6, EPSS: 0.00187
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 3:8 p.m., 5 views

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00237
Exploits: 0, References: 1
CVE
added 2026/03/26 12:59 p.m., 13 views

CVE-2025-55271

CVE-2025-55271 affects HCL Aftermarket DPC via HTTP Response Splitting vulnerability. The available connected documents describe that an attacker may be able to execute arbitrary commands or inject harmful content depending on how the web application handles split responses. The PT-2026-28296 ent...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00318
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/03/19 3:47 p.m., 4 views

CVE-2026-32865

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00307
Exploits: 0, References: 3
OSV
added 2026/03/17 8:16 p.m., 3 views

UBUNTU-CVE-2026-4359

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00187
Exploits: 0, References: 3
CVE
added 2026/03/17 7:42 p.m., 23 views

CVE-2026-4359

MongoDB C driver is affected by CVE-2026-4359: a compromised cloud server or MITM can send a malformed HTTP response that causes a crash in applications using the driver. Affected component: the MongoDB C driver’s HTTP response handling. Root cause: malformed HTTP response handling leading to a c...

CVSS: 3.7, AI score: 5.8, EPSS: 0.00187
Exploits: 0, References: 1, Affected Software: 1