Lucene search
K

391 matches found

EUVD
EUVD
added 2026/06/26 9:58 p.m.17 views

EUVD-2026-31687

Hackney has CR/LF injection in query parameter...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS5.7AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.9 views

CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS6AI score0.00166EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.9 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS6AI score0.00166EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/02 2:15 p.m.23 views

CVE-2026-48861

The CVE describes a CRLF injection risk in elixir-mint Mint through the HTTP/1 request line construction. Specifically, encode_request_line/2 directly embeds caller-supplied method and target into the line, allowing an attacker to terminate the line and inject headers, enabling HTTP request split...

2.1CVSS6AI score0.00166EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.11 views

EEF-CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode\request\line/2 function splices the caller-supplied method and target arguments directly into the...

2.1CVSS6.2AI score0.00166EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 2:15 p.m.4 views

CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS6.1AI score0.00166EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...

2.1CVSS5.4AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.13 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

7.5CVSS5.9AI score0.00421EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/25 2:0 p.m.45 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS0.00421EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.9 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00421EPSS
Exploits1References5
OSV
OSV
added 2026/05/25 2:0 p.m.3 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS6.1AI score0.00421EPSS
Exploits1References9
CVE
CVE
added 2026/05/25 2:0 p.m.35 views

CVE-2026-47075

CVE-2026-47075 describes a CRLF injection in Hackney’s URL query handling. Hackney does not percent-encode CR/LF characters in the query string before forming the HTTP/1.1 request target, allowing an attacker who controls the URL to inject raw CRLF sequences and potentially perform HTTP header in...

7.5CVSS5.9AI score0.00421EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 2:0 p.m.9 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

6.8CVSS5.9AI score0.00421EPSS
Exploits1References4
OSV
OSV
added 2026/05/25 2:0 p.m.11 views

EEF-CVE-2026-47075 CR/LF injection in query parameter in hackney

Summary Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the...

6.8CVSS6.2AI score0.00421EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 2.0.0 through 4.0.1, which stems from a failure to strip CRLF sequences in WebSocket upgrade code, which could lead to HTTP request/response splitting...

7.5CVSS5.8AI score0.00506EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...

7.5CVSS5.8AI score0.00421EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

7.5CVSS5.9AI score0.00421EPSS
Exploits1References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When two content-length headers were provided, the system ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...

9.8CVSS8AI score0.04083EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When a content-length and a chunked encoding header were provided, the content-length took precedence, and the remaining part of the request body was interpreted as a pipelined request...

9.8CVSS7.6AI score0.03298EPSS
Exploits1References2
Rows per page
Query Builder