Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2026/04/17 6:54 p.m.2 views

cpython: Header injection via newlines in data URL mediatype in Python

Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS6.9AI score0.0048EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/04/15 11:25 p.m.13 views

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

7.8CVSS6.1AI score0.01184EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/04/15 2:5 a.m.7 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS6.1AI score0.01184EPSS
Exploits1References5
OSV
OSV
added 2026/02/25 4:27 p.m.3 views

SUSE-SU-2026:0643-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. bsc1257029 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters...

6CVSS5.6AI score0.0055EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/02/24 3:14 p.m.4 views

Security update for python310

This update for python310 fixes the following issues: CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

8.7CVSS5.5AI score0.0055EPSS
Exploits0References24
OSV
OSV
added 2026/02/20 10:5 a.m.4 views

SUSE-SU-2026:0590-1 Security update for python

This update for python fixes the following issues: - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 - CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP...

6CVSS7.3AI score0.00463EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/01/20 9:26 p.m.4 views

CVE-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2020/08/18 6:7 p.m.9 views

ceph: radosgw: HTTP header injection via CORS ExposeHeader tag

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

6.5CVSS5.8AI score0.01619EPSS
Exploits0References5
Rows per page
Query Builder