Vulnerabilities > Improper Neutralization of HTTP Headers for Scripting Syntax
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-07 | CVE-2023-35894 | IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2025-02-11 | CVE-2025-23191 | Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. | 3.1 |
| 2021-07-14 | CVE-2021-20784 | Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Voidtools Everything HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product. | 6.1 |