Lucene search
+L

556 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.8 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/02 7:8 p.m.33 views

CVE-2026-48598

The CVE-2026-48598 entry affects the Elixir Tesla library, specifically Tesla.Multipart.part_headers_for_disposition/1. The vulnerability arises from improper encoding of disposition parameters, treating each parameter as k="v" without sanitizing CR (\r), LF (\n), or double-quote characters. Mali...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 7:8 p.m.10 views

EEF-CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Summary Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part\headers\for\disposition/1 interpolates each disposition parameter as k="v" with no validation of CR...

2.1CVSS6.1AI score0.00143EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 7:8 p.m.39 views

CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS0.00143EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 7:8 p.m.3 views

CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS6AI score0.00143EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.21 views

PT-2026-45839

Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper Neutralization of CRLF Sequences in HTTP Headers, also known as HTTP Request/Response Splitting, allows HTTP header injection. The function add content type param/2 within the...

2.1CVSS6.1AI score0.0017EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45841

Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper encoding or escaping of output allows multipart part header injection through unescaped Content-Disposition parameter values. The function part headers for disposition interpolates...

2.1CVSS6AI score0.00143EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-45840

Name of the Vulnerable Software and Affected Versions tesla versions 1.3.0 through 1.18.2 Description An issue in Tesla.Adapter.Mint allows for a denial of service via atom table exhaustion. The function open conn/2 converts the URL scheme of outgoing requests into a BEAM atom using String.to...

8.2CVSS6AI score0.00301EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45838

Name of the Vulnerable Software and Affected Versions tesla versions 1.4.0 through 1.18.2 Description Improper handling of case sensitivity in the Tesla.Middleware.FollowRedirects middleware allows credential leakage to third-party origins during cross-origin redirects. The system uses a...

8.2CVSS6AI score0.00396EPSS
Exploits2References13
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping of the Content-Disposition parameter value, which could lead to multipart header injection attacks...

2.1CVSS5.3AI score0.00143EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Tesla 安全漏洞

Tesla is an electric vehicle produced by the American company Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities were due to Tesla.Multipart.addcontenttypeparam/2 not verifying CR or LF characters, which could lead to HTTP header injection...

2.1CVSS5.4AI score0.0017EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Tesla 安全漏洞

Tesla is an electric vehicle produced by the American company Tesla. Versions of Tesla from 1.3.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of resource allocation control in Tesla.Adapter.Mint, which could lead to denial-of-service attacks due to...

8.2CVSS5.3AI score0.00301EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 1.4.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-sensitive string comparisons in handling security-sensitive headers. This could lead to credential leakage to...

8.2CVSS5.3AI score0.00396EPSS
Exploits2References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Tesla 安全漏洞

Tesla is an HTTP client software open-sourced by Elixir Tesla. Versions of Tesla from 0.6.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the size of decompressed data when processing highly compressed data, which could lead to...

8.2CVSS5.4AI score0.00329EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.24 views

PT-2026-45837

Name of the Vulnerable Software and Affected Versions tesla versions 0.6.0 through 1.18.2 Description Improper handling of highly compressed data allows a denial of service via a decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression i...

8.2CVSS6AI score0.00329EPSS
Exploits0References13
GithubExploit
GithubExploit
added 2026/05/31 6:16 p.m.113 views

Exploit for CVE-2022-42005

Tesla Security Research Vulnerability research on the Tesla M...

6.2AI score
Exploits1
GithubExploit
GithubExploit
added 2026/04/14 5:2 p.m.104 views

Teslav8sandboxescape

Te...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/14 2:18 p.m.16 views

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

6.6AI score
Exploits0
HackRead
HackRead
added 2025/12/10 8:26 p.m.13 views

Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla

Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.6 views

PT-2025-47956

Rooting Tesla's Linux-based infotainment system typically involves exploiting software vulnerabilities, like improper access controls in diagnostic interfaces e.g., CVE-2022-42008. Enthusiasts connect via Ethernet ports, use tools to gain a reverse shell, and set up persistence by modifying...

6.8AI score
Exploits1References1
Rows per page
Query Builder