CWE-93: CWE-93
All CWE-93 CVEs (25)
A CRLF injection vulnerability in Neto CMS allows attackers to inject malicious HTTP headers through crafted requests, potentially leading to arbitrar...
Oct 1, 2025

CVE-2021-39172 is a critical newline injection vulnerability in Cachet status page systems that allows authenticated users (both regular users and adm...
Aug 27, 2021

This vulnerability allows users in the 'incus' group to inject newlines into container environment variables, enabling arbitrary command execution on ...
Jan 22, 2026

This vulnerability allows unauthenticated attackers to abuse the ShopLentor WordPress plugin as an email relay. Attackers can send arbitrary emails wi...
Feb 18, 2026

Pi-hole Admin Interface before version 6.3 is vulnerable to CRLF injection, allowing attackers to inject arbitrary HTTP response headers by manipulati...
Oct 27, 2025

This CRLF injection vulnerability in Cisco Secure Client's SAML authentication allows unauthenticated attackers to execute arbitrary script code in us...
Mar 6, 2024

ComfyUI-Manager extension versions before 3.39.2 and 4.0.5 contain an injection vulnerability where attackers can manipulate HTTP query parameters to ...
Jan 10, 2026

CVE-2025-27111 is a log injection vulnerability in Rack's Sendfile middleware that allows attackers to inject escape sequences (like newlines) via the...
Mar 4, 2025

This CRLF injection vulnerability in QNAP operating systems allows remote attackers to inject carriage return and line feed sequences, potentially mod...
Dec 6, 2024

This CVE describes an HTTP header injection vulnerability where unvalidated user input is included in HTTP headers, allowing attackers to manipulate H...
Mar 12, 2024

This CVE describes a CRLF injection vulnerability in Microweber CMS that allows attackers to inject carriage return and line feed characters into HTTP...
Feb 18, 2022

Apache Unomi versions before 1.5.5 are vulnerable to CRLF log injection due to improper escaping in log statements. This allows attackers to inject ma...
May 4, 2021

This CRLF injection vulnerability in DECE Software Geodi allows attackers to inject malicious HTTP headers and split HTTP responses, potentially enabl...
Jul 29, 2025

This CRLF injection vulnerability in QNAP operating systems allows attackers with user access to manipulate application data by injecting carriage ret...
Mar 7, 2025

A CRLF injection vulnerability in Kentico Xperience's routing engine allows attackers to manipulate URL query string redirects through improper encodi...
Dec 18, 2025

This CVE describes a CRLF injection vulnerability in Netty's HttpRequestEncoder that allows request smuggling. Attackers can inject malicious content ...
Dec 16, 2025

This CRLF injection vulnerability in KeeneticOS allows attackers to add unauthorized administrative users by tricking victims into visiting a maliciou...
Oct 23, 2025

FreeScout help desk software prior to version 1.8.178 has an input validation vulnerability where special characters like carriage returns, newlines, ...
May 29, 2025

RestSharp versions before 112.0.0 are vulnerable to CRLF injection in HTTP headers, allowing attackers to inject malicious headers or smuggle HTTP req...
Aug 29, 2024

This CRLF injection vulnerability in libsoup allows attackers to inject malicious HTTP headers or request bodies when an HTTP proxy is configured. It ...
Jan 27, 2026

CVE-2024-45597 is an HTTP request injection vulnerability in Pluto (a Lua 5.4 superset) where user-controlled values passed to http.request headers ca...
Sep 10, 2024

This CRLF injection vulnerability in Fortinet FortiMail allows attackers to inject HTTP headers into server responses by tricking users into clicking ...
Nov 18, 2025

This vulnerability in Python's email module allows header injection when serializing email messages. Attackers can inject malicious headers by exploit...
Jan 23, 2026

This vulnerability in Python's email header parsing allows header injection when processing user-controlled email addresses containing specific commen...
Jan 20, 2026

This vulnerability in Python's urllib.request.DataHandler allows attackers to inject HTTP headers through newline characters in data URL mediatypes. T...
Jan 20, 2026

About CWE-93 (CWE-93)
Our database tracks 25 CVEs classified as CWE-93, with 0 rated critical and 14 rated high severity. The average CVSS score for CWE-93 vulnerabilities is 7.2.
External reference: View CWE-93 on MITRE CWE →