CWE-93 · CRLF Injection
183 CVEs classified under CWE-93 (CRLF Injection). Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-45372 | Critical | 9.9 | 2026-05-29 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it app… |
| CVE-2026-11362 | Critical | 9.8 | 2026-06-05 | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metri… |
| CVE-2026-42257 | Critical | 9.8 | 2026-05-09 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP comma… |
| CVE-2024-32986 | Critical | 9.6 | 2024-05-03 | PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as… |
| CVE-2026-11373 | Critical | 9.1 | 2026-06-22 | Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant… |
| CVE-2026-50638 | Critical | 9.1 | 2026-06-10 | Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl do not protect against metric injections. The statsd protocol (and extensions such as dogstat… |
| CVE-2026-9270 | Critical | 9.1 | 2026-06-05 | DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of… |
| CVE-2026-39958 | Critical | 9.1 | 2026-04-09 | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests… |
| CVE-2026-39849 | High | 8.8 | 2026-05-05 | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. In versions before 6.6.1, the `dns.interface` configuration fiel… |
| CVE-2026-34458 | High | 8.8 | 2026-05-05 | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standa… |
| CVE-2026-5140 | High | 8.8 | 2026-04-29 | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Auth… |
| CVE-2026-35521 | High | 8.8 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine conta… |
| CVE-2026-35520 | High | 8.8 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine conta… |
| CVE-2026-35519 | High | 8.8 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine conta… |
| CVE-2026-35518 | High | 8.8 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine conta… |
| CVE-2026-35517 | High | 8.8 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine conta… |
| CVE-2025-28357 | High | 8.8 | 2025-10-01 | A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request. |
| CVE-2025-8715 | High | 8.8 | 2025-08-14 | Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the clie… |
| CVE-2021-39172 | High | 8.8 | 2021-08-27 | Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new lin… |
| CVE-2026-23953 | High | 8.7 | 2026-01-22 | Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configu… |