Lucene search
+L

23 matches found

OSV
OSV
added 2026/06/23 12:59 p.m.9 views

JLSEC-2026-616 HTTP/1 client request smuggling via CR/LF in method, target, or host in HTTP.jl

Description The HTTP/1 client serialized request.method and request.target and, in forward-proxy absolute-form, the host verbatim onto the wire with no CR/LF/CTL filtering; the only target validator was wired solely into the server parse path. A caller passing an attacker-influenced URL or method...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/12 3:7 p.m.67 views

GHSA-CQ87-8R7H-962V SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48923

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 3:36 p.m.17 views

CLSA-2026-1778254552 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

8.8CVSS5.8AI score0.00654EPSS
Exploits2References1
OSV
OSV
added 2026/05/06 10:16 p.m.8 views

DEBIAN-CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1
OSV
OSV
added 2026/05/06 10:16 p.m.6 views

UBUNTU-CVE-2026-41417

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References3
CVE
CVE
added 2026/05/06 8:52 p.m.59 views

CVE-2026-41417

CVE-2026-41417 — Netty HTTP/RTSP injection flaw : Netty allows CRLF characters in a URI when created via DefaultHttpRequest or DefaultFullHttpRequest and later modified with setUri(), bypassing constructor validation. Consequently, HttpRequestEncoder and RtspEncoder may embed attacker-controlled ...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 8:52 p.m.8 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS5.8AI score0.00307EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/06 8:52 p.m.52 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS0.00307EPSS
Exploits1References1
OSV
OSV
added 2026/05/06 8:52 p.m.2 views

CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same validation...

5.3CVSS6.8AI score0.00307EPSS
Exploits1References3
OSV
OSV
added 2025/08/11 1:54 p.m.13 views

BIT-LIBPHP-2025-1736 Stream HTTP wrapper header check might omit basic auth header

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS7.1AI score0.00531EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/13 2:0 p.m.140 views

php: Stream HTTP wrapper header check might omit basic auth header

A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...

7.3CVSS5.7AI score0.00531EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/30 12:0 a.m.4 views

PHP 安全漏洞

PHP is a scripting language in which PHP is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.32, 8.2.28, 8.3.19, and 8.4.5, which stems from an insufficient validation of end-of-line characters when sending user-supplied headers may result in certain headers not...

7.3CVSS6.1AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2025/03/14 12:0 a.m.4 views

UBUNTU-CVE-2025-1736

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS6.7AI score0.00531EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/01/23 12:0 a.m.10 views

The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications lies in the insufficient validation of arguments passed to the command line. This allows attackers to execute arbitrary commands.

The vulnerability of the software for managing and controlling access to corporate resources and applications of IBM Security Verify Governance is related to insufficient validation of arguments passed to the command line. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

9CVSS8AI score0.01105EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/13 12:0 a.m.8 views

The vulnerability of the Microsoft Exchange Server mail server, related to errors in checking command arguments, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to errors during the validation of command-line arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8CVSS8.1AI score0.03709EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.4 views

Cisco FXOS Software 安全漏洞

Cisco FXOS Software is a suite of firewall software from Cisco that runs in Cisco security appliances. A security vulnerability exists in Cisco FXOS Software that stems from a failure to validate the parameters of a CLI command, resulting in an arbitrary file write vulnerability. An attacker coul...

6CVSS6.4AI score0.0017EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/09/10 1:45 p.m.6 views

chromium-browser: Insufficient validation of untrusted input in command line handling

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS7.4AI score0.01502EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.50 views

Git for Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...

9.3CVSS4.1AI score0.24014EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.34 views

Git for Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...

9.3CVSS4.1AI score0.22427EPSS
Exploits0
Rows per page
Query Builder