Lucene search
+L

884 matches found

cve
cve
added 2 days ago9 views

CVE-2025-62826

Summary: CVE-2025-62826 describes an HTTP Response Splitting (CWE-113) in Fortinet FortiOS and FortiProxy products. Affected versions: FortiOS 7.6.0–7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions; FortiProxy 7.6.0–7.6.4, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions. Root ca...

4.3CVSS6.2AI score0.00257EPSS
Exploits0References1Affected Software2
nessus
nessus
added 2 days ago12 views

Fortinet Fortigate Header injection in captive portal authentication form (FG-IR-26-153)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-153 advisory. - An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability CWE-113 vulnerability ...

4.3CVSS6.2AI score0.00257EPSS
Exploits0References2
nessus
nessus
added 6 days ago8 views

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2026-2521)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
nessus
nessus
added 6 days ago9 views

EulerOS 2.0 SP12 : busybox (EulerOS-SA-2026-2581)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
patchstack
patchstack
added 2026/06/19 2:21 p.m.8 views

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

5.9CVSS5.8AI score0.00257EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/19 2:21 p.m.13 views

GHSA-P88M-4JFJ-68FV undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS6AI score0.00257EPSS
Exploits0References4
github
github
added 2026/06/18 3:4 p.m.11 views

Kirby: Request header injection in `Http\Remote`

TL;DR This vulnerability affects Kirby sites and plugins that use the Kirby\Http\Remote class including Remote::request, Remote::get, Remote::post, and similar helpers to send outgoing HTTP requests and that pass untrusted, user-controlled data into the headers option of such a request. By...

6.9CVSS5.9AI score0.0029EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.14 views

PT-2026-50722

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites and plugins using the KirbyHttpRemote class, including the functions Remote::request, Remote::get, and Remote::post, are susceptible to HTTP header injection...

6.9CVSS6AI score0.0029EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/06/17 11:9 p.m.9 views

CVE-2026-9679

A flaw was found in undici. The cookie parser in the parseSetCookie function incorrectly decodes cookie values, which is contrary to standard specifications. This vulnerability allows an attacker-controlled upstream to inject arbitrary HTTP response headers, such as Set-Cookie, Location, or...

5.9CVSS5AI score0.00257EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/17 4:56 p.m.26 views

CVE-2026-9679 undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS0.00257EPSS
Exploits0References2
nessus
nessus
added 2026/06/17 12:0 a.m.10 views

Bosch Security Systems IP Cameras Improper Input Validation (CVE-2021-23853)

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

9.8CVSS8.5AI score0.00856EPSS
Exploits0References2
euvd
euvd
added 2026/06/11 2:44 p.m.12 views

EUVD-2026-36252

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS5.3AI score0.00149EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/11 12:0 a.m.19 views

PT-2026-48672

Name of the Vulnerable Software and Affected Versions IBM DevOps Plan versions 3.0.0 through 3.0.6 Description An issue exists due to improper validation of input within the Host header of HTTP requests. This allows for HTTP header injection, which can be leveraged to perform cross-site scripting...

6.5CVSS5.7AI score0.00149EPSS
Exploits0References5
nessus
nessus
added 2026/06/11 12:0 a.m.7 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netty vulnerabilities (USN-8401-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8401-1 advisory. It was discovered that Netty's HTTP proxy handler did not properly validate heade...

9.8CVSS7.5AI score0.00969EPSS
Exploits6References7
redhat
redhat
added 2026/06/10 12:5 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.8AI score0.00969EPSS
Exploits5References35
nessus
nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2026-2324)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

6.5CVSS7.2AI score0.00285EPSS
Exploits1References2
suse
suse
added 2026/06/09 8:14 a.m.12 views

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues CVE-2026-41417: missing validations leads to HTTP request smuggling and RTSP request injection via start-line injection in DefaultHttpRequest.setUri bsc1264350. CVE-2026-42578: HTTP Header Injection via HttpProxyHandler Disabled...

8.8CVSS6.7AI score0.00969EPSS
Exploits11References48
ibm
ibm
added 2026/06/09 6:7 a.m.11 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include denial of service issues in the Linux kernel and Python components, command injection vulnerabilities in Python's imapli...

8.8CVSS7.6AI score0.01525EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/05 5:38 a.m.14 views

BIT-ACTIVEMQ-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.21 views

PT-2026-45839

Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper Neutralization of CRLF Sequences in HTTP Headers, also known as HTTP Request/Response Splitting, allows HTTP header injection. The function add content type param/2 within the...

2.1CVSS6.1AI score0.0017EPSS
Exploits0References13
Rows per page
Query Builder