Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-93

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

174 vulnerabilities with CWE-93

CVE-2026-0672 MEDIUM

CPython HTTP Header Injection via http.cookies.Morsel

CVE-2026-23829 MEDIUM

Mailpit < 1.28.3 - SMTP Header Injection via RCPT TO and MAIL FROM Address Validation

CVE-2026-22777 HIGH

ComfyUI-Manager <3.39.2, <4.0.5 - Code Injection

CVE-2026-21428 HIGH

cpp-httplib < 0.30.0 - CRLF Injection via User-Supplied Headers

CVE-2025-15282 MEDIUM

Python urllib.request - Data URL Header Injection

CVE-2025-11468 MEDIUM

CPython HTTP Header Injection via Email Header Folding

CVE-2025-67735 MEDIUM

Netty <4.1.129.Final, <4.2.8.Final - Request Smuggling

CVE-2025-14531 MEDIUM

code-projects Rental Management System 2.0 - CRLF Injection

CVE-2025-54972 MEDIUM

Fortinet FortiMail <7.6.3 - Crlf Injection

CVE-2025-59151 HIGH

Pi-hole Web Interface < 6.3 - HTTP Response Splitting via .lp File Redirect

CVE-2025-56007 MEDIUM

KeeneticOS <4.3 - Command Injection

CVE-2025-59419 MEDIUM

Netty < 4.1.128.Final and 4.2.0.Alpha1-4.2.7.Final - SMTP Command Injection via CRLF Sequence

CVE-2025-61884 HIGH KEV

Oracle Configurator 12.2.3-12.2.14 - Unauthenticated CRLF Injection via Runtime UI

CVE-2025-28357 HIGH

Neto CMS 6.313.0-6.314.0 - Remote Code Execution via CRLF Injection

CVE-2025-57804 MEDIUM

h2 <4.3.0 - Request Smuggling

CVE-2025-8715 HIGH

PostgreSQL <17.6, <16.10, <15.14, <14.19, <13.22 - Code Injection

CVE-2025-8419 MEDIUM

Keycloak < 26.2.8 - SMTP Injection via Email Registration

CVE-2025-41376 MEDIUM

Limesurvey v2.65.1+170522 - CRLF Injection

CVE-2025-6175 HIGH

DECE Software Geodi <9.0.146 - CRLF Injection

CVE-2025-0293 MEDIUM

Ivanti Connect/Ivanti Policy <22.7R2.8-22.7R1.5 - Code Injection

CVE-2025-53094 HIGH

ESPAsyncWebServer <3.7.8 - CRLF Injection

CVE-2025-52479 HIGH

HTTP.jl <1.10.17 & URIs.jl <1.6.0 - CRLF Injection

CVE-2025-48388 MEDIUM

FreeScout <1.8.178 - Code Injection

CVE-2025-40671 CRITICAL

AES Multimedia's Gestnet <1.07 - SQL Injection

CVE-2025-27111 HIGH

Rack <2.2.12, <3.0.13, <3.1.11 - Log Injection

Previous Page 4 of 7 Next

Details

Vulnerabilities 174

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy