Lucene search
+L

163 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-0046

Malware in sbrugna...

6.4CVSS6AI score0.02479EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1638

Malicious code in bioql PyPI...

5.8CVSS6.6AI score0.02407EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/02 12:17 a.m.13 views

CVE-2025-28357

A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...

8.8CVSS8.1AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.5 views

Neto CMS 安全漏洞

Neto CMS is an e-commerce platform from Neto Australia. A security vulnerability exists in Neto CMS versions v6.313.0 through v6.314.0 that originates from a specially crafted HTTP request resulting in a CRLF injection that may execute arbitrary code...

8.8CVSS7.6AI score0.00413EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.6 views

PT-2025-40283

Name of the Vulnerable Software and Affected Versions Neto CMS versions 6.313.0 through 6.314.0 Description A CRLF injection flaw exists in Neto CMS. This issue allows attackers to potentially execute arbitrary code by submitting a specially crafted HTTP request. The vulnerability is due to...

8.8CVSS7.6AI score0.00413EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

EulerOS 2.0 SP12 : git (EulerOS-SA-2025-2004)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...

8CVSS8AI score0.02775EPSS
Exploits9References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 3:20 p.m.5 views

Security Bulletin: HTTP Request/Response Splitting via Improper CRLF Neutralization in Payara Server and Micro (Grizzly, REST Modules), affects watsonx.data

Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in Payara Platform Payara Server Grizzly, REST Management Interface modules, Payara Platform Payara Micro Grizzly modules allows Manipulating State, Identity Spoofing.This issue affec...

2.4CVSS6.7AI score0.00225EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/03 9:15 p.m.4 views

CVE-2025-58056

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

7.5CVSS0.00631EPSS
Exploits1References7
NVD
NVD
added 2025/08/25 9:15 p.m.4 views

CVE-2025-57804

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

6.9CVSS0.01596EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/25 9:4 p.m.9 views

CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers

h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...

6.9CVSS0.01596EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 8:44 p.m.2 views

GHSA-847F-9342-265H h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

6.9CVSS6.4AI score0.01596EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/25 8:44 p.m.8 views

h2 allows HTTP Request Smuggling due to illegal characters in headers

Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...

6.9CVSS6.5AI score0.01596EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/23 12:0 a.m.2 views

PT-2025-34706

Name of the Vulnerable Software and Affected Versions: h2 versions prior to 4.3.0 Description: h2 is a pure-Python implementation of a HTTP/2 protocol stack. A request splitting issue allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when...

9.8CVSS5.2AI score0.01596EPSS
Exploits0References199
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-48384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to...

8CVSS7.8AI score0.02775EPSS
Exploits9References2
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.5 views

DECE Software Geodi 注入漏洞

DECE Software Geodi is an AI and NLP-driven data discovery, classification, and search platform from DECE Software, UK. DECE Software Geodi suffers from an injection vulnerability that stems from improper CRLF sequence neutralization, which could lead to HTTP request splitting...

7.2CVSS7.2AI score0.0021EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/09 11:22 p.m.3 views

SUSE CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...

7.8CVSS6.8AI score0.02775EPSS
Exploits9References12
OSV
OSV
added 2025/07/08 7:15 p.m.2 views

ALPINE-CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...

8CVSS6.8AI score0.02775EPSS
Exploits9References1
OSV
OSV
added 2025/05/13 10:15 p.m.2 views

DEBIAN-CVE-2025-47905

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...

5.4CVSS5.9AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 5:54 a.m.5 views

CLSA-2025-1744782851 php: Fix of CVE-2025-1736

CVE-2025-1736: add checking of http user header crlf...

7.3CVSS5.8AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 8:15 p.m.12 views

AZL-78982 CVE-2025-22871 affecting package golang 1.25.7-1

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.7AI score0.00778EPSS
Exploits0References1
Rows per page
Query Builder