CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3979 matches found

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00014EPSS

Exploits0References1

RedhatCVE•added 5 hours ago•5 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.00021EPSS

Exploits0References1

Nuclei•added 11 hours ago•5 views

Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read

Apache CXF before 4.0.4, 3.6.3 and 3.5.8 has a Server-Side Request Forgery SSRF vulnerability when using the Aegis DataBinding. The XOP Include mechanism in multipart SOAP requests can be abused to read local files or make server-side HTTP requests to arbitrary URLs. An attacker can use this to...

9.3CVSS7AI score0.50829EPSS

Exploits0References3

OSV•added yesterday•3 views

ROOT-APP-PYPI-CVE-2024-53981 CVE-2024-53981 in rootio-python-multipart - Patched by Root

Root has patched CVE-2024-53981 in the rootio-python-multipart package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00121EPSS

Exploits0

OSV•added yesterday•4 views

ROOT-APP-PYPI-CVE-2026-42561 CVE-2026-42561 in rootio-python-multipart - Patched by Root

Root has patched CVE-2026-42561 in the rootio-python-multipart package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.8AI score0.00067EPSS

Exploits0

OSV•added yesterday•1 views

ROOT-APP-PYPI-CVE-2026-28356 CVE-2026-28356 in rootio-multipart - Patched by Root

Root has patched CVE-2026-28356 in the rootio-multipart package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00859EPSS

Exploits0

SUSE Linux•added yesterday•3 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00043EPSS

Exploits0References26

SUSE Linux•added yesterday•4 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

8.7CVSS7.5AI score0.00043EPSS

Exploits0References26

Nuclei•added yesterday•58 views

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

9.8CVSS7.6AI score0.93372EPSS

Exploits7References5

NVD•added 2 days ago•6 views

CVE-2026-48596

2.1CVSS0.00021EPSS

Exploits0References4

NVD•added 2 days ago•6 views

CVE-2026-48598

2.1CVSS0.00014EPSS

Exploits0References4

CVE•added 2 days ago•7 views

CVE-2026-48596

Summary: CVE-2026-48596 affects the Elixir Tesla library (tesla) in its multipart handling. The vulnerability is in Tesla.Multipart.add_content_type_param/2, which appends caller-supplied strings to content_type_params without validating CR (\r) or LF (\n). Tesla.Multipart.headers/1 then joins th...

2.1CVSS5.9AI score0.00021EPSS

Exploits0References4

ATTACKERKB•added 2 days ago•5 views

CVE-2026-48596

2.1CVSS5.9AI score0.00021EPSS

Exploits0References5Affected Software1

OSV•added 2 days ago•4 views

EEF-CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.00021EPSS

Exploits0References4