CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')) — Vulnerability Class 83

83 vulnerabilities classified as CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0672 | Header injection in http.cookies.Morsel — CPython | 4.3 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-15282 | Header injection via newlines in data URL mediatype — CPython | 5.3 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2026-23829 | Mailpit has SMTP Header Injection via Regex Bypass — mailpit | 5.3 | Medium | 2026-01-18 |
| CVE-2026-22777 | ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler — ComfyUI-Manager | 7.5 | High | 2026-01-10 |
| CVE-2026-21428 | cpp-httplib has CRLF injection in http headers — cpp-httplib | 9.1 | - | 2026-01-01 |
| CVE-2022-50682 | Kentico Xperience <= 13.0.79 Routing Engine CRLF Injection — Xperience | 6.5 | Medium | 2025-12-18 |
| CVE-2025-67735 | Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder — netty | 6.5 | Medium | 2025-12-16 |
| CVE-2025-14531 | code-projects Rental Management System Log Transaction.java crlf injection — Rental Management System | 4.3 | Medium | 2025-12-11 |
| CVE-2025-54972 | Fortinet FortiMail injection vulnerability — FortiMail | 3.9 | Medium | 2025-11-18 |
| CVE-2025-59151 | Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection — web | 8.2 | High | 2025-10-27 |
| CVE-2025-59419 | Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery — netty | 9.8 | - | 2025-10-15 |
| CVE-2025-57804 | h2 allows HTTP Request Smuggling due to illegal characters in headers — h2 | 7.5 (AI) | High (AI) | 2025-08-25 |
| CVE-2025-8715 | PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server — PostgreSQL | 8.8 | High | 2025-08-14 |
| CVE-2025-8419 | Org.keycloak/keycloak-services: keycloak smtp inject vulnerability — keycloak | 5.3 | Medium | 2025-08-06 |
| CVE-2025-41376 | CRLF Injection in Limesurvey — LimeSurvey | 8.8 | - | 2025-08-01 |
| CVE-2025-6175 | CRLF Injection in DECE Software's Geodi — Geodi | 7.2 | High | 2025-07-29 |
| CVE-2025-0293 | Ivanti Connect Secure and Ivanti Policy Secure injection vulnerability — Connect Secure | 6.6 | Medium | 2025-07-08 |
| CVE-2025-53094 | ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp — ESPAsyncWebServer | 5.8 (AI) | Medium (AI) | 2025-06-27 |
| CVE-2025-52479 | HTTP.jl vulnerable to CR/LF Injection in URIs — HTTP.jl | 5.4 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-40671 | SQL injection vulnerability in AES Multimedia's Gestnet — Gestnet | 9.8 (AI) | Critical (AI) | 2025-05-26 |
| CVE-2024-53693 | QTS, QuTS hero — QTS | 4.3 | - | 2025-03-07 |
| CVE-2024-50405 | QTS, QuTS hero — QTS | 2.7 | - | 2025-03-07 |
| CVE-2025-27111 | Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection — rack | 5.3 | - | 2025-03-04 |
| CVE-2025-25184 | Possible Log Injection in Rack::CommonLogger — rack | 4.3 | - | 2025-02-12 |
| CVE-2024-48868 | QTS, QuTS hero — QTS | 5.3 | - | 2024-12-06 |
| CVE-2024-48867 | QTS, QuTS hero — QTS | 5.3 | - | 2024-12-06 |
| CVE-2024-51501 | CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes — refit | 6.5 (AI) | Medium (AI) | 2024-11-04 |
| CVE-2024-7472 | Email Injection Vulnerability in lunary-ai/lunary — lunary-ai/lunary | 5.3 (AI) | Medium (AI) | 2024-10-29 |
| CVE-2024-45597 | Pluto's http.request allows CR and LF in header values — Pluto | 5.3 | Medium | 2024-09-10 |
| CVE-2024-45302 | CRLF Injection in RestSharp's `RestRequest.AddHeader` method — RestSharp | 6.1 | Medium | 2024-08-29 |

Vulnerabilities classified as CWE-93 (Improper Neutralization of CRLF Sequences ('CRLF Injection')) represent 83 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.