CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')) — Vulnerability Class 83

83 vulnerabilities classified as CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-42037 | Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream — axios | 5.3 | Medium | 2026-04-24 |
| CVE-2026-41230 | Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() — froxlor | 8.5 | High | 2026-04-23 |
| CVE-2026-2717 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values — HTTP Headers | 5.5 | Medium | 2026-04-22 |
| CVE-2026-32964 | Silex SD-330AC and Silex AMC Manager Security Vulnerability — SD-330AC | 6.5 | Medium | 2026-04-20 |
| CVE-2026-6351 | Openfind\|MailGates/MailAudit - CRLF Injection — MailGates | 7.5 | High | 2026-04-16 |
| CVE-2026-2400 | Schneider Electric PowerChute Serial Shutdown Injection Vulnerability — PowerChute™ Serial Shutdown | 4.5 | - | 2026-04-14 |
| CVE-2026-35601 | Vikunja has an iCalendar Property Injection via CRLF in CalDAV Task Output — vikunja | 4.1 | Medium | 2026-04-10 |
| CVE-2026-39983 | FTP Command Injection via CRLF in basic-ftp — basic-ftp | 8.6 | High | 2026-04-09 |
| CVE-2026-39958 | oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection — oma | 5.3 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-39394 | CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller — ci4ms | 8.1 | High | 2026-04-08 |
| CVE-2026-34975 | Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers — plunk | 8.5 | High | 2026-04-06 |
| CVE-2026-26962 | Rack: Header injection in multipart requests — rack | 4.8 | Medium | 2026-04-02 |
| CVE-2026-2442 | Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' — Page Builder: Pagelayer – Drag and Drop website builder | 5.3 | Medium | 2026-03-28 |
| CVE-2026-33635 | iCalendar has ICS injection via unsanitized URI property values — icalendar | 4.3 | Medium | 2026-03-26 |
| CVE-2026-20113 | Cisco IOS XE Software Injection Vulnerability — Cisco IOS XE Software | 5.3 | Medium | 2026-03-25 |
| CVE-2026-28753 | NGINX ngx_mail_proxy_module vulnerability — NGINX Open Source | 3.7 | Low | 2026-03-24 |
| CVE-2026-33128 | h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream Fields — h3 | 7.5 | High | 2026-03-20 |
| CVE-2026-3633 | Libsoup: libsoup: header and http request injection via crlf injection — Red Hat Enterprise Linux 10 | 3.9 | Low | 2026-03-17 |
| CVE-2026-3634 | Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header — Red Hat Enterprise Linux 10 | 3.9 | Low | 2026-03-17 |
| CVE-2026-1527 | undici is vulnerable to CRLF Injection via upgrade option — undici | 4.6 | Medium | 2026-03-12 |
| CVE-2026-3234 | Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection — Red Hat Enterprise Linux 10 | 4.3 | Medium | 2026-03-12 |
| CVE-2026-3848 | Improper Neutralization of CRLF Sequences ('CRLF Injection') in GitLab — GitLab | 5.0 | Medium | 2026-03-11 |
| CVE-2026-30227 | MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery — MimeKit | 8.2 | - | 2026-03-06 |
| CVE-2026-28296 | Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths — Red Hat Enterprise Linux 10 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-1714 | ShopLentor <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | 8.6 | High | 2026-02-18 |
| CVE-2026-1536 | Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header — Red Hat Enterprise Linux 10 | 5.8 | Medium | 2026-01-28 |
| CVE-2026-1467 | Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured — Red Hat Enterprise Linux 10 | 5.8 | Medium | 2026-01-27 |
| CVE-2026-24489 | Gakido vulnerable to HTTP Header Injection (CRLF Injection) — gakido | 5.3 | Medium | 2026-01-27 |
| CVE-2026-1299 | email BytesGenerator header injection due to unquoted newlines — CPython | 4.3 | - | 2026-01-23 |
| CVE-2026-23953 | Incus container environment configuration newline injection — incus | 8.7 | High | 2026-01-22 |

Vulnerabilities classified as CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')) represent 83 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.