Lucene search
K

4032 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in JRuby

Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...

5.3CVSS6.8AI score0.0576EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/16 7:17 p.m.6 views

kernel: xen/privcmd: fix double free via VMA splitting

A flaw was found in the Linux kernel's xen/privcmd module. A local user could exploit this by performing a partial unmapping of a privcmd memory region. This action causes a Virtual Memory Area VMA to split, leading to duplicated internal memory pointers. As a result, the same memory can be freed...

7.8CVSS5.5AI score0.00183EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/15 8:7 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via MultipartWriter.append or Payload.headers when attacker-controlled input is included in multipart or payload headers. An attacker can inject additional headers or alter the contents of a request by supplying...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via...

6.3CVSS5.7AI score0.00313EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 3:7 p.m.33 views

GHSA-CQ87-8R7H-962V SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 3:7 p.m.9 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.7AI score0.00044EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/12 10:16 a.m.10 views

CVE-2026-50630

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

6.5CVSS0.00404EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 8:58 a.m.28 views

CVE-2026-50630 Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

0.00404EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-48923

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.9 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.6AI score0.00044EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/11 3:20 p.m.4 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the host component of a URI when constructing a PSR-7 Uri or Request. An attacker can inject arbitrary HTTP headers by supplying a crafted host value containing ASCII control characters, such as CRLF, which a...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-8338-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8338-1 advisory. It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly us...

9.8CVSS7AI score0.41611EPSS
Exploits2References16
F5 Networks
F5 Networks
added 2026/06/10 7:18 p.m.10 views

K000161670: Apache HTTP Server vulnerability CVE-2026-33523

Security Advisory Description HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.4AI score0.00436EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/10 5:38 p.m.9 views

CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files

FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...

8.1CVSS6.2AI score0.00568EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 5:38 p.m.19 views

CVE-2026-45062

CVE-2026-45062 affects FrankenPHP (versions 1.11.2–1.12.2). The vulnerability arises in the CGI path splitting logic (splitPos in cgi.go), where fallback matching uses golang.org/x/text/search with ignore-case, and engages when the request path contains non-ASCII bytes. Two flaws enable an attack...

8.1CVSS6.2AI score0.00568EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.10 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:45 p.m.8 views

Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0

Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in...

9CVSS5.4AI score0.01815EPSS
Exploits5Affected Software1
NVD
NVD
added 2026/06/08 5:16 p.m.8 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS0.00313EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 5:16 p.m.12 views

DEBIAN-CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.5AI score0.00313EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:34 p.m.5 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder