CWE-113 vulnerabilities

81 results
CVE-2026-38978 | MEDIUM | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. | EPSS 0.3%
CVE-2023-48256 | MEDIUM | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s se | EPSS 0.3%
CVE-2026-34519 | LOW | AIOHTTP: HTTP response splitting via \r in reason phrase | EPSS 0.3%
CVE-2026-44214 | MEDIUM | eventsource-encoder: SSE event injection via unsanitized event and id fields | EPSS 0.3%
CVE-2026-50269 | LOW | AIOHTTP: CRLF injection in multipart headers | EPSS 0.3%
CVE-2026-39971 | HIGH | Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST | EPSS 0.3%
CVE-2025-30221 | MEDIUM | Pitchfork HTTP Request/Response Splitting vulnerability | EPSS 0.3%
CVE-2026-24320 | LOW | Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP) | EPSS 0.2%
CVE-2025-42934 | MEDIUM | CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice) | EPSS 0.2%
CVE-2026-44489 | LOW | Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix | EPSS 0.2%
CVE-2026-7010 | MEDIUM | HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values | EPSS 0.2%
CVE-2026-9658 | HIGH | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths | EPSS 0.2%
CVE-2024-45687 | LOW | HTTP Server incorrectly accepting disallowed characters within header values | EPSS 0.2%
CVE-2026-47675 | MEDIUM | Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection | EPSS 0.2%
CVE-2026-42874 | LOW | Microdot: HTTP response splitting in Response.set_cookie() | EPSS 0.2%
CVE-2026-34767 | MEDIUM | Electron: HTTP Response Header Injection in custom protocol handlers and webRequest | EPSS 0.2%
CVE-2026-27810 | MEDIUM | calibre Vulnerable to HTTP Response Header Injection | EPSS 0.2%
CVE-2026-49214 | MEDIUM | guzzlehttp/psr7 has CRLF Injection via URI Host Component | EPSS 0.2%
CVE-2026-48596 | LOW | CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection | EPSS 0.2%
CVE-2026-23686 | LOW | CRLF Injection vulnerability in SAP NetWeaver Application Server Java | EPSS 0.2%