7 matches found

RedhatCVE
added 2025/10/17 2:52 p.m., 2 views

CVE-2025-61543

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks ...

7.1 CVSS, 7.3 AI score, 0.0004 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/16 3:30 p.m., 1 views

EUVD-2025-34765

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks ...

7.1 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits: 0, References: 3

NVD
added 2025/10/16 3:15 p.m., 2 views

CVE-2025-61543

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks ...

7.1 CVSS, 0.0004 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/10/16 12:00 a.m., 6 views

CVE-2025-61543

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks ...

0.0004 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/10/16 12:00 a.m., 1 views

CraftMyCMS security vulnerability

CraftMyCMS is a content management system by individual developer Kévin GUIOT. A security vulnerability exists in CraftMyCMS version 4.0.2, which stems from the password reset feature constructing a reset link directly using the HTTP_HOST header, which could lead to a phishing attack or account...

7.1 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits: 0, References: 2

CVE
added 2025/10/16 12:00 a.m., 3 views

CVE-2025-61543

CraftMyCMS 4.0.2.2 is affected by a Host Header Injection vulnerability in its password reset flow. The application uses $_SERVER['HTTP_HOST'] to construct reset links, allowing an attacker to alter the Host header and send malicious reset URLs, enabling phishing or potential account takeover. Th...

7.1 CVSS, 6.9 AI score, 0.0004 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/10/16 12:00 a.m., 2 views

CVE-2025-61543

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks ...

6.9 AI score, 0.0004 EPSS
Exploits: 0, References: 2