163 matches found
EUVD-2014-0046
Malware in sbrugna...
EUVD-2022-1638
Malicious code in bioql PyPI...
CVE-2025-28357
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request...
Neto CMS 安全漏洞
Neto CMS is an e-commerce platform from Neto Australia. A security vulnerability exists in Neto CMS versions v6.313.0 through v6.314.0 that originates from a specially crafted HTTP request resulting in a CRLF injection that may execute arbitrary code...
PT-2025-40283
Name of the Vulnerable Software and Affected Versions Neto CMS versions 6.313.0 through 6.314.0 Description A CRLF injection flaw exists in Neto CMS. This issue allows attackers to potentially execute arbitrary code by submitting a specially crafted HTTP request. The vulnerability is due to...
EulerOS 2.0 SP12 : git (EulerOS-SA-2025-2004)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full...
Security Bulletin: HTTP Request/Response Splitting via Improper CRLF Neutralization in Payara Server and Micro (Grizzly, REST Modules), affects watsonx.data
Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in Payara Platform Payara Server Grizzly, REST Management Interface modules, Payara Platform Payara Micro Grizzly modules allows Manipulating State, Identity Spoofing.This issue affec...
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...
CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...
CVE-2025-57804 h2 allows HTTP Request Smuggling due to illegal characters in headers
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...
GHSA-847F-9342-265H h2 allows HTTP Request Smuggling due to illegal characters in headers
Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...
h2 allows HTTP Request Smuggling due to illegal characters in headers
Summary HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request...
PT-2025-34706
Name of the Vulnerable Software and Affected Versions: h2 versions prior to 4.3.0 Description: h2 is a pure-Python implementation of a HTTP/2 protocol stack. A request splitting issue allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when...
Linux Distros Unpatched Vulnerability : CVE-2025-48384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to...
DECE Software Geodi 注入漏洞
DECE Software Geodi is an AI and NLP-driven data discovery, classification, and search platform from DECE Software, UK. DECE Software Geodi suffers from an injection vulnerability that stems from improper CRLF sequence neutralization, which could lead to HTTP request splitting...
SUSE CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
ALPINE-CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
DEBIAN-CVE-2025-47905
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries...
CLSA-2025-1744782851 php: Fix of CVE-2025-1736
CVE-2025-1736: add checking of http user header crlf...
AZL-78982 CVE-2025-22871 affecting package golang 1.25.7-1
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...