304 matches found
CVE-2026-38967
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...
CVE-2026-38967
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...
PT-2026-45831
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...
CVE-2026-47066
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...
Astra Linux - уязвимость в apache2
Before Apache HTTP Server 2.4.55, a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers serve any security purposes, they will not be interpreted by the client...
Astra Linux - уязвимость в squid
A issue was discovered in Squid 4.x before 4.15, and in 5.x before 5.0.6. If a remote server sends a certain response header via HTTP or HTTPS, it can lead to a denial of service. This header can potentially appear in legitimate network traffic...
CVE-2025-8154
CVE-2025-8154 describes an HTTP header injection vulnerability in the Webhook API invocations causing headers to be injected/overwritten in responses. Affected products include multiple WSO2 offerings (e.g., API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway/Ma...
CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation
In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...
CVE-2026-41683 HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which ...
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
EUVD-2026-28206
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8033 PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8033
PicoTronica e-Clinic Healthcare System ECHS version 5.7 contains a vulnerability in the Response Header Handler component, specifically affecting the file /cdemos/echs/api/v2/. The issue allows information disclosure due to manipulation of the response headers. Exploitation is described as possib...
CVE-2026-8033 PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
PT-2026-38225
Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description An issue in the Response Header Handler component within the file '/cdemos/echs/api/v2/' allows for remote information disclosure. Recommendations Upgrade to version 5.7.1...
CVE-2025-47403
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming...
PT-2026-30325
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.17.0 Description Directus SSO login pages were missing the Cross-Origin-Opener-Policy COOP HTTP response header. This allowed a malicious cross-origin window to access and manipulate the window object of the...
CVE-2026-34767
Summary : Electron apps that register custom protocol handlers (protocol.handle()/protocol.registerSchemesAsPrivileged()) or use webRequest.onHeadersReceived can be vulnerable to HTTP response header injection when untrusted input is reflected into header names or values. Impact : injected header...