CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,219 with exploits | 4,686 exploited in the wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,422 researchers

12 results
CVE-2026-28296 | CVSS 4.3 MEDIUM | 1 PoC | Analysis | EPSS 0.00
GVfs FTP Backend - Command Injection
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.
CWE-93 Feb 26, 2026
CVE-2026-23829 | CVSS 5.3 MEDIUM | 3 PoCs | Analysis | EPSS 0.00
Mailpit <1.28.3 - Header Injection
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue.
CWE-150 Jan 19, 2026
CVE-2025-61884 | CVSS 7.5 HIGH | KEV | RANSOMWARE | 4 PoCs | Analysis | NUCLEI | EPSS 0.30
Oracle Configurator < 12.2.14 - SSRF
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CWE-93 Oct 12, 2025
CVE-2024-40324 | CVSS 5.4 MEDIUM | 1 PoC | Analysis | EPSS 0.12
E-Staff <5.1 - HTTP Response Splitting
A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
CWE-113 Jul 25, 2024
CVE-2024-20337 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.04
Cisco Secure Client - CRLF Injection
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
CWE-93 Mar 06, 2024
CVE-2022-0666 | CVSS 7.5 HIGH | 1 PoC | NUCLEI | EPSS 0.29
microweber/microweber <1.2.11 - Stack Trace Exposure
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.
CWE-93 Feb 18, 2022
CVE-2021-39172 | CVSS 8.8 HIGH | 1 PoC | Analysis | EPSS 0.57
Cachet <2.5.1 - RCE
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a newline injection in the configuration editing feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of newline characters in new configuration values. As a workaround, only allow trusted source IP addresses to access the administration dashboard.
CWE-93 Aug 27, 2021
CVE-2018-19585 | CVSS 7.5 HIGH | 2 PoCs | Analysis | EPSS 0.12
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
CWE-93 May 17, 2019
CVE-2019-10678 | CVSS 7.5 HIGH | 2 PoCs | Analysis | EPSS 0.16
Domoticz <4.10579 - Info Disclosure
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
CWE-93 Mar 31, 2019
CVE-2018-12537 | CVSS 5.3 MEDIUM | 2 PoCs | Analysis | EPSS 0.01
Eclipse Vert.x <3.5.1 - Code Injection
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
CWE-93 Aug 14, 2018
CVE-2016-4975 | CVSS 6.1 MEDIUM | 1 PoC | Analysis | NUCLEI | EPSS 0.73
Apache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
CWE-93 Aug 14, 2018
CVE-2014-2017 | CVSS 6.1 MEDIUM | 1 PoC | Analysis | EPSS 0.02
OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CWE-93 Jan 18, 2018