Weaknesses of type CWE-93
150 resultsCVE-2026-1467MEDIUMLibsoup: libsoup: http header injection via specially crafted urls when an http proxy is configuredEPSS 0.3%CVE-2026-22777HIGHComfyUI-Manager is Vulnerable to CRLF Injection in Configuration HandlerEPSS 0.3%CVE-2025-56007MEDIUMCRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with fuEPSS 0.3%CVE-2024-45597MEDIUMPluto's http.request allows CR and LF in header valuesEPSS 0.3%CVE-2026-41417MEDIUMNetty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()EPSS 0.3%CVE-2026-46719MEDIUMNet::Statsd::Lite versions before 0.9.0 for Perl allowed metric injectionsEPSS 0.3%CVE-2026-32993HIGHImproper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arEPSS 0.3%CVE-2026-1536MEDIUMLibsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition headerEPSS 0.3%CVE-2026-2442MEDIUMPagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email'EPSS 0.3%CVE-2026-45372CRITICALcpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injectionEPSS 0.3%CVE-2025-67735MEDIUMNetty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoderEPSS 0.3%CVE-2026-20113MEDIUMA vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauEPSS 0.3%CVE-2026-32964MEDIUMSD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerabEPSS 0.3%CVE-2026-44214MEDIUMeventsource-encoder: SSE event injection via unsanitized event and id fieldsEPSS 0.3%CVE-2025-14531MEDIUMcode-projects Rental Management System Log Transaction.java crlf injectionEPSS 0.3%CVE-2026-50269LOWAIOHTTP: CRLF injection in multipart headersEPSS 0.3%CVE-2026-35504MEDIUMSubnet Solutions PowerSYSTEM Center CRLF injectionEPSS 0.3%CVE-2026-28753MEDIUMNGINX ngx_mail_proxy_module vulnerabilityEPSS 0.3%CVE-2026-50639MEDIUMMetrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injectionsEPSS 0.3%CVE-2026-46741HIGHEtsy::StatsD versions through 1.002002 for Perl allow metric injectionsEPSS 0.3%