3 matches found
CVE-2026-50188 Kirby: Request header injection in `Http\Remote`
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...
Linux Distros Unpatched Vulnerability : CVE-2026-42035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter...
PT-2026-29666
Name of the Vulnerable Software and Affected Versions Ewe versions prior to 3.0.6 Description The encode headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF r sequences. This allows an...