Lucene search
K

113 matches found

CVE
CVE
added 2 days ago90 views

CVE-2026-45067

The CVE affects Symfony MIME Address: the constructor previously accepted local-parts like "x\r\nBcc: attacker@evil" which could be emitted into message headers and SMTP commands (MAIL FROM/RCPT), enabling CRLF injection. The issue’s root cause is acceptance of line breaks in quoted local-parts; ...

6.3CVSS6.1AI score0.00619EPSS
Exploits0References6
CVE
CVE
added 2 days ago5 views

CVE-2025-62675

The CVE-2025-62675 entry concerns an issue described as an Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting) in Fortinet FortiOS and FortiProxy products. Affected versions are FortiOS 7.6.0–7.6.4, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiProxy 7.6...

4.3CVSS6.2AI score0.00238EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-52747

A flaw was found in ModSecurity, an open-source web application firewall WAF. The multipart/form-data request body parser in libmodsecurity incorrectly handles embedded line breaks in non-file form-field values. This discrepancy between ModSecurity and backend applications, which preserve line...

8.6CVSS6.1AI score0.00476EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request bo...

8.6CVSS6AI score0.00476EPSS
Exploits1References4
NVD
NVD
added 6 days ago9 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.00476EPSS
Exploits1References3
OSV
OSV
added 6 days ago2 views

UBUNTU-CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.00476EPSS
Exploits1References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.00476EPSS
Exploits1References3
CVE
CVE
added 6 days ago18 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.00476EPSS
Exploits1References3Affected Software1
OSV
OSV
added 6 days ago3 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.00476EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:34 p.m.6 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

Etsy::StatsD 安全漏洞

Etsy::StatsD is an open-source application performance monitoring and metric collection component developed by statsd. Etsy::StatsD versions 1.002002 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in metric...

7.5CVSS5.2AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Net::Statsd::Lite 安全漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.13 contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks for line breaks, colons, or pipes in...

5.3CVSS5.2AI score0.00258EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

Text::LineFold 安全漏洞

Text::LineFold is a Perl text processing module developed by NEZUMI’s individual developers. Versions of Text::LineFold starting from 2019.001 and earlier contained security vulnerabilities. These vulnerabilities were caused by repeated output based on the number of special line breaks, which cou...

6.2CVSS5.8AI score0.002EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/27 8:42 p.m.13 views

Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS5.8AI score0.00619EPSS
Exploits0References6Affected Software2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.23 views

BentoML 代码注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/22 2:16 p.m.10 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-44136

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4.21 Description The SymfonyComponentMimeAddress constructor fails to properly validate email addresses when the local-part is a quoted string containing raw carriage return and line feed r bytes. This allows an...

7.1CVSS6.1AI score0.00619EPSS
Exploits0References19
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.13 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.10.0 have a vulnerability due to the setadd method not checking for line breaks, colons, or pipes, which may lead to metric...

7.3CVSS5.8AI score0.00226EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have a injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.47 views

Gotenberg 参数注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10CVSS5.9AI score0.00611EPSS
Exploits1References1
Rows per page
Query Builder