CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/04 10:3 a.m.•12 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

RedhatCVE•added 2026/06/04 10:3 a.m.•11 views

CVE-2026-48594

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS5.8AI score0.00329EPSS

RedhatCVE•added 2026/06/04 10:3 a.m.•13 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS

RedhatCVE•added 2026/06/03 10:1 p.m.•11 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00301EPSS

Exploits2References1

NVD•added 2026/06/02 8:16 p.m.•11 views

CVE-2026-48597

8.2CVSS0.00301EPSS

NVD•added 2026/06/02 8:16 p.m.•12 views

CVE-2026-48594

8.2CVSS0.00329EPSS

NVD•added 2026/06/02 8:16 p.m.•11 views

CVE-2026-48595

8.2CVSS0.00301EPSS

Exploits2References4

NVD•added 2026/06/02 8:16 p.m.•14 views

CVE-2026-48596

2.1CVSS0.0017EPSS

NVD•added 2026/06/02 8:16 p.m.•10 views

CVE-2026-48598

2.1CVSS0.00143EPSS

ATTACKERKB•added 2026/06/02 7:9 p.m.•7 views

CVE-2026-48596

Exploits0References5Affected Software1

Cvelist•added 2026/06/02 7:9 p.m.•32 views

CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

2.1CVSS0.0017EPSS

Vulnrichment•added 2026/06/02 7:9 p.m.•6 views

CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

OSV•added 2026/06/02 7:9 p.m.•9 views

EEF-CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

EUVD•added 2026/06/02 7:9 p.m.•8 views

EUVD-2026-34016

CVE•added 2026/06/02 7:9 p.m.•16 views

CVE-2026-48596

Summary: CVE-2026-48596 affects the Elixir Tesla library (tesla) in its multipart handling. The vulnerability is in Tesla.Multipart.add_content_type_param/2, which appends caller-supplied strings to content_type_params without validating CR (\r) or LF (\n). Tesla.Multipart.headers/1 then joins th...

ATTACKERKB•added 2026/06/02 7:8 p.m.•6 views

CVE-2026-48594

8.2CVSS5.8AI score0.00329EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/06/02 7:8 p.m.•6 views

CVE-2026-48594 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

8.2CVSS5.8AI score0.00329EPSS