Lucene search
K

551 matches found

EUVD
EUVD
added 4 days ago18 views

EUVD-2026-34012

Tesla vulnerable to multipart part smuggling via unescaped content-disposition values...

2.1CVSS5.9AI score0.00143EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago16 views

EUVD-2026-34013

Tesla vulnerable to atom exhaustion via untrusted URL scheme...

8.2CVSS5.9AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago12 views

EUVD-2026-34014

Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering...

8.2CVSS5.9AI score0.00396EPSS
Exploits2References5
EUVD
EUVD
added 4 days ago17 views

EUVD-2026-34015

Tesla has decompression bomb on response body...

8.2CVSS5.9AI score0.00329EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago12 views

EUVD-2026-34016

Tesla has CRLF injection in request Content-Type header via addcontenttypeparam...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/09 11:16 a.m.58 views

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

8.2CVSS5.5AI score0.00396EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/06 7:55 a.m.80 views

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

8.2CVSS5.5AI score0.00396EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.16 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.16 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.17 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.14 views

CVE-2026-48594

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.14 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References1
NVD
NVD
added 2026/06/02 8:16 p.m.13 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS0.00396EPSS
Exploits2References4
NVD
NVD
added 2026/06/02 8:16 p.m.21 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS0.00301EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 8:16 p.m.12 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS0.00143EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 8:16 p.m.14 views

CVE-2026-48594

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2CVSS0.00329EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 8:16 p.m.17 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS0.0017EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:9 p.m.9 views

CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:9 p.m.10 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/02 7:9 p.m.20 views

CVE-2026-48596

Summary: CVE-2026-48596 affects the Elixir Tesla library (tesla) in its multipart handling. The vulnerability is in Tesla.Multipart.add_content_type_param/2, which appends caller-supplied strings to content_type_params without validating CR (\r) or LF (\n). Tesla.Multipart.headers/1 then joins th...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References4
Rows per page
Query Builder