Lucene search
+L

63 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55934

Name of the Vulnerable Software and Affected Versions ModSecurity versions 3.0.0 through 3.0.15 Description The t:utf8toUnicode transformation in src/actions/transformations/utf8 to unicode.cc produces incorrect output on i386 architecture. This occurs because the snprintf function uses sizeof on...

5.8CVSS6.1AI score0.00411EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/01 4:32 a.m.42 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
OSV
OSV
added 2026/06/23 12:59 p.m.8 views

JLSEC-2026-619 CR/LF injection in server-sent events (SSE) fields in HTTP.jl

Description The server-side SSE serializer wrote the single-line fields event, id, and retry verbatim to the text/event-stream wire with no CR/LF filtering, and split the multi-line data field only on \n, ignoring a bare \r that is also a valid SSE line terminator. The SSEEvent constructor...

6AI score
Exploits0References2
NVD
NVD
added 2026/05/30 4:17 p.m.17 views

CVE-2026-8594

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

6.2CVSS0.002EPSS
Exploits0References4
OSV
OSV
added 2026/05/30 4:17 p.m.13 views

UBUNTU-CVE-2026-8594

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

6.2CVSS5.8AI score0.002EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/30 3:32 p.m.23 views

EUVD-2026-33466

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

5.8AI score0.002EPSS
Exploits0References3
CVE
CVE
added 2026/05/30 3:32 p.m.31 views

CVE-2026-8594

Summary: CVE-2026-8594 affects Text::LineFold (Perl) up to version 2019.001, which is part of the Unicode-LineBreak distribution. The issue arises because the line-breaking logic applies the break function to the entire input string, not just each segment, causing the full input to be duplicated ...

6.2CVSS5.8AI score0.002EPSS
Exploits0References4
OSV
OSV
added 2026/05/30 3:32 p.m.3 views

CVE-2026-8594 Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

6.2CVSS6AI score0.002EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.19 views

PT-2026-45104

Name of the Vulnerable Software and Affected Versions Text::LineFold versions prior to 2019.002 Description Text::LineFold splits input strings into segments using specific line break characters, such as Vertical Tab VT and Form Feed FF. However, the break function is applied to the entire string...

6.2CVSS5.8AI score0.002EPSS
Exploits0References9
OSV
OSV
added 2026/05/27 8:42 p.m.8 views

GHSA-QPMX-3RFJ-7RHV Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

7.1CVSS5.8AI score0.00619EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

Pi-hole 注入漏洞

Pi-hole is a web-level ad blocking application developed by Pi-hole Inc. Versions of Pi-hole prior to 6.6.1 had a injection vulnerability. This vulnerability stemmed from the lack of validation of line breaks in the dns.interface configuration field, allowing attackers to inject arbitrary command...

8.8CVSS6AI score0.00956EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 2:56 p.m.6 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

8.5CVSS6.3AI score0.00191EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:31 a.m.9 views

EUVD-2026-24637

The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...

5.5CVSS5.8AI score0.00474EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 12:18 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jsdiff JavaScript library

Summary Due to use of the jsdiff JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text differencing implementation. Prior to versions...

7.5CVSS6.2AI score0.00562EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/02 5:57 p.m.3 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/18 3:48 p.m.10 views

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

6.5CVSS6.5AI score0.00298EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.15 views

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from improper input cleaning in the soupmessageheaderssetcontenttype function. This vulnerability could allow attackers to inject CRLF sequences by controlling the value of the Content-Type...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/10 3:2 a.m.33 views

CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS0.00164EPSS
Exploits0References2
Debian
Debian
added 2026/02/05 7:43 p.m.9 views

[SECURITY] [DSA 6119-1] openjdk-25 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6119-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2026 https://www.debian.org/security/faq -...

7.5CVSS6AI score0.00864EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/01/22 3:15 a.m.10 views

CVE-2026-24001

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...

7.5CVSS6.2AI score0.00562EPSS
Exploits0References5
Rows per page
Query Builder