CVE-2026-43969

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

PT-2026-8280

CVE-2025-68127 - Apache HTTP Server HTTP Request Splitting Vulnerability CVE ID : CVE-2025-68127 Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago Description : Rejected reason: reserved but not needed Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

MiracleLinux 7 : httpd-2.4.6-98.7.0.1.el7.AXS7 (AXSA:2023-5265:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5265:04 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 8 : squid:4 (AXSA:2021-1405:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1405:01 advisory. squid: Improper input validation in request allows for proxy manipulation CVE-2019-12520 squid: Off-by-one error in addStackElement allows for heap...

MiracleLinux 8 : squid:4 Security update (AXSA:2020-790:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-790:01 advisory. squid: HTTP Request Smuggling could result in cache poisoning CVE-2020-15810 squid: HTTP Request Splitting could result in cache poisoning...

curl: CRLF Injection in HTTP header values allows arbitrary header injection

curl allows carriage return \r and line feed \n characters inside HTTP header values. When attacker-controlled data is used in a header value e.g., Authorization: Bearer , curl construct and sends a malformed HTTP request containing injected headers. This violates HTTP specification RFC 7320 /RFC...

CVE-2021-41084

http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.nameå, Header values Header.value, Status reason phrases...

EUVD-2005-2704

Malware in sbrugna...

EUVD-2007-2287

Malware in sbrugna...

EUVD-2020-0229

Malware in sbrugna...

EUVD-2021-19907

Malware in sbrugna...

EUVD-2021-1987

Malware in sbrugna...

EUVD-2018-4094

Malware in sbrugna...

EUVD-2010-3545

Malware in sbrugna...

EUVD-2012-3643

Malware in sbrugna...

EUVD-2024-41751

Malicious code in bioql PyPI...

EUVD-2025-22989

Malicious code in bioql PyPI...

EUVD-2024-0313

Malicious code in bioql PyPI...

CVE-2025-11150

...

python-hyper h2 注入漏洞

python-hyper h2 is a Python HTTP/2 protocol implementation of Hyper open source. An injection vulnerability exists in python-hyper h2 versions prior to 4.3.0, which stems from HTTP2 request splitting and could lead to a request smuggling attack...