Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-93

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

174 vulnerabilities with CWE-93

CVE-2026-42586 MEDIUM

Netty: CRLF Injection in Netty Redis Codec Encoder

CVE-2026-35504 MEDIUM

Subnet Solutions PowerSYSTEM Center CRLF injection

CVE-2026-44217 MEDIUM

sse-channel: SSE Injection via unsanitized event fields

CVE-2026-43882 MEDIUM

WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing

CVE-2026-43969 LOW

Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1

CVE-2026-43968 MEDIUM

CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

CVE-2026-42258 CRITICAL

net-imap: Command Injection via unvalidated Symbol inputs

CVE-2026-42257 CRITICAL

net-imap: Command Injection via "raw" arguments to multiple commands

CVE-2026-41570 HIGH

PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

CVE-2026-41417 MEDIUM

Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri()

CVE-2026-39849 HIGH

Pi-hole FTL remote code execution via newline injection in dns.interface configuration

CVE-2026-34458 HIGH

Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly

CVE-2026-5140 HIGH

Authorization Bypass in TUBITAK BILGEM's Pardus Update

CVE-2026-42037 MEDIUM

Axios 1.0.0-1.15.0 - Header Injection

CVE-2026-41230 HIGH

Froxlor <2.3.6 DomainZones::add() - BIND Zone File Injection

CVE-2026-2717 MEDIUM

HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values

CVE-2026-32964 MEDIUM

silex technology SD-330AC <=Ver.1.42 - CRLF Injection

CVE-2026-6351 HIGH

Openfind｜MailGates/MailAudit - CRLF Injection

CVE-2026-2400 MEDIUM

Schneider Electric PowerChute Serial Shutdown <=1.4 - CRLF Injection

CVE-2026-1502 MEDIUM

HTTP client proxy tunnel headers not validated for CR/LF

CVE-2026-35601 MEDIUM

Vikunja <2.3.0 CalDAV Task Output - iCalendar Property Injection

CVE-2026-39983 HIGH

FTP Command Injection via CRLF in basic-ftp

CVE-2026-39958 CRITICAL

oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection

CVE-2026-39394 HIGH

CI4MS <0.31.4.0 Install Controller host - .env CRLF Injection

CVE-2026-35521 HIGH

Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.hosts Newline Injection

Previous Page 2 of 7 Next

Details

Vulnerabilities 174

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy