Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-93

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

174 vulnerabilities with CWE-93

CVE-2025-25184 MEDIUM

Rack <2.2.11, 3.0.12, 3.1.10 - Info Disclosure

CVE-2024-51981 MEDIUM

Brother Printer WS-Eventing - Blind Server-Side Request Forgery

CVE-2024-53693 HIGH

QNAP QTS and QuTS hero - CRLF Injection

CVE-2024-50405 MEDIUM

QNAP OS <5.2.3.3006 - CRLF Injection

CVE-2024-48868 HIGH

QNAP QTS and QuTS hero - CRLF Injection

CVE-2024-48867 HIGH

QNAP QTS and QuTS hero - CRLF Injection

CVE-2024-51501 CRITICAL

Refit < 7.2.22 - CRLF Injection via HTTP Header Manipulation

CVE-2024-7472 MEDIUM

lunary-ai/lunary <1.2.26 - Command Injection

CVE-2024-45597 MEDIUM

Pluto http.request Headers - Arbitrary Request Dispatch

CVE-2024-45302 MEDIUM

RestSharp 107.0.0-111.2.0 - CRLF Injection via AddHeader and AddDefaultHeader Methods

CVE-2024-40324 MEDIUM

E-Staff <5.1 - HTTP Response Splitting

CVE-2024-36459 HIGH

Symantec SiteMinder >=R12.52 SP1 CR11 <R12.52 SP1 CR11 and <R12.8 - Cross-Site Scripting via CRLF Injection

CVE-2024-5193 MEDIUM

Ritlabs TinyWeb Server <1.99 - CRLF Injection

CVE-2024-32986 CRITICAL

PWAsForFirefox < 2.12.0 - Arbitrary Code Execution via XDG Desktop Entry Injection

CVE-2024-1226 HIGH

Rejetto HTTP File Server 2.2a - HTTP Response Splitting

CVE-2024-20337 HIGH

Cisco Secure Client - CRLF Injection

CVE-2023-38551 HIGH

Ivanti Connect Secure 9.1R18.6-22.7R2 - Authenticated Cross-Site Scripting via CRLF Injection

CVE-2023-49082 MEDIUM

aiohttp < 3.9.0 - HTTP Request Smuggling via CRLF Injection

CVE-2023-4768 MEDIUM

ManageEngine Desktop Central <9.1.0 - CRLF Injection

CVE-2023-4767 MEDIUM

ManageEngine Desktop Central <9.1.0 - CRLF Injection

CVE-2023-26148 MEDIUM

ithewei libhv - CRLF Injection via Request Header Manipulation

CVE-2023-26138 MEDIUM

drogonframework/drogon - CRLF Injection

CVE-2023-34472 MEDIUM

AMI MegaRAC SPx BMC - HTTP Header Injection via CRLF Sequences

CVE-2023-26130 HIGH

yhirose/cpp-httplib < 0.12.4 - CRLF Injection

CVE-2023-23936 MEDIUM

Undici <5.19.1 - CRLF Injection

Previous Page 5 of 7 Next

Details

Vulnerabilities 174

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy