CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
135 vulnerabilities with CWE-93
CVE-2025-28357
HIGH
Neto CMS <6.314.0 - Code Injection
CVSS 8.8
CVE-2025-57804
MEDIUM
h2 <4.3.0 - Request Smuggling
CVE-2025-8715
HIGH
PostgreSQL <17.6, <16.10, <15.14, <14.19, <13.22 - Code Injection
CVSS 8.8
CVE-2025-8419
MEDIUM
Keycloak-services - SMTP Injection
CVSS 5.3
CVE-2025-41376
MEDIUM
Limesurvey v2.65.1+170522 - CRLF Injection
CVSS 5.3
CVE-2025-6175
HIGH
DECE Software Geodi <9.0.146 - CRLF Injection
CVSS 7.2
CVE-2025-0293
MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.8-22.7R1.5 - Code Injection
CVSS 6.6
CVE-2025-53094
HIGH
ESPAsyncWebServer <3.7.8 - CRLF Injection
CVE-2025-52479
HIGH
HTTP.jl <1.10.17 & URIs.jl <1.6.0 - CRLF Injection
CVE-2025-48388
MEDIUM
FreeScout <1.8.178 - Code Injection
CVSS 6.5
CVE-2025-40671
CRITICAL
AES Multimedia's Gestnet <1.07 - SQL Injection
CVE-2025-27111
HIGH
Rack <2.2.12, <3.0.13, <3.1.11 - Log Injection
CVSS 7.5
CVE-2025-25184
MEDIUM
Rack <2.2.11, 3.0.12, 3.1.10 - Info Disclosure
CVSS 6.5
CVE-2024-51981
MEDIUM
WS-Addressing - SSRF
CVSS 5.3
CVE-2024-53693
HIGH
QNAP OS - CRLF Injection
CVSS 7.1
CVE-2024-50405
MEDIUM
QNAP OS <5.2.3.3006 - CRLF Injection
CVSS 5.5
CVE-2024-48868
HIGH
QNAP OS - CRLF Injection
CVSS 7.5
CVE-2024-48867
HIGH
QNAP - CRLF Injection
CVSS 7.5
CVE-2024-51501
CRITICAL
Nuget Refit < 7.2.22 - SSRF
CVE-2024-7472
MEDIUM
lunary-ai/lunary <1.2.26 - Command Injection
CVSS 6.5
CVE-2024-45597
MEDIUM
Pluto - SSRF
CVSS 5.3
CVE-2024-45302
MEDIUM
RestSharp - CRLF Injection
CVSS 6.1
CVE-2024-40324
MEDIUM
E-Staff <5.1 - HTTP Response Splitting
CVSS 5.4
CVE-2024-36459
HIGH
SiteMinder - XSS
CVE-2024-5193
MEDIUM
Ritlabs TinyWeb Server <1.99 - CRLF Injection
CVSS 5.3