Lucene search
K

228 matches found

CVE
CVE
added 6 hours ago8 views

CVE-2026-34198

CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...

5.3CVSS6AI score
Exploits0References4
Snyk
Snyk
added 5 days ago4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the OIDC discovery process when the X-Forwarded-Host header is not validated and no allowed-hosts list is configured. An attacker can manipulate the issuer and JWKS URI in the discovery document by supplying a...

8.2CVSS6AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41427

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 7:34 a.m.16 views

CVE-2026-54665

Apache NiFi (versions 0.0.1–2.9.0) is affected by an input-validation flaw where URL redirection/data references can be influenced by non-standard host headers. NiFi 1.6.0 added a proxy-host header validation mechanism, but validation was not applied to alternative headers (X-ProxyHost, X-Forward...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/22 7:34 a.m.10 views

EUVD-2026-38216

Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alternative to the standard Host header without validating the values provided. Apache NiFi 1.6.0 introduced a configurable application property to restrict values provided in...

6.3CVSS5.9AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2026-10839

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2026-10837

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited...

5.1CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:11 a.m.15 views

CVE-2026-10839

CVE-2026-10839 describes an open redirect in the Password Manager authentication system. The vulnerability arises from manipulation of the X-Forwarded-Host header to alter generated URLs, potentially redirecting authenticated users to malicious sites after login. Impact is limited to confidential...

5.1CVSS5.3AI score0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 11:11 a.m.14 views

CVE-2026-10837

CVE-2026-10837 describes an open redirection vulnerability in a Password Manager caused by insufficient validation of the X-Forwarded-Host header. The issue allows an attacker to craft links that, when clicked by a victim, redirect to attacker-controlled domains, enabling phishing or deception wh...

5.1CVSS5.3AI score0.00315EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 7:12 p.m.7 views

Reliance on Untrusted Inputs in a Security Decision

Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through the AllowedHostsMiddleware in the host validation middleware. An attacker can bypa...

6.3CVSS5.4AI score0.00024EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 7:12 p.m.6 views

GHSA-3QMC-CJ7Q-62HV Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

5.9CVSS5.6AI score0.00024EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 7:12 p.m.15 views

Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

5.6AI score0.00024EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48543

Summary AllowedHostsMiddleware trusts the X-Forwarded-Host header as a fallback when the Host header is absent. Since X-Forwarded-Host is a client-controllable header, an attacker can bypass the allowed hosts validation by omitting the Host header and supplying an X-Forwarded-Host header set to a...

5.9CVSS5.7AI score0.00024EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40905

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By...

8.1CVSS5.5AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.10 views

CVE-2026-42606

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.8CVSS5.8AI score0.00476EPSS
Exploits1References1
NVD
NVD
added 2026/05/09 8:16 p.m.21 views

CVE-2026-42606

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.8CVSS0.00476EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/09 7:43 p.m.8 views

CVE-2026-42606

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.1CVSS5.8AI score0.00476EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/09 7:43 p.m.7 views

CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

8.1CVSS5.8AI score0.00476EPSS
Exploits1References3
CVE
CVE
added 2026/05/09 7:43 p.m.27 views

CVE-2026-42606

CVE-2026-42606 (AzuraCast) : The vulnerability arises from the ApplyXForwarded middleware unconditionally trusting the client-supplied X-Forwarded-Host header with no trusted-proxy allowlist, allowing an unauthenticated attacker to poison the password-reset URL during forgot-password flow. The at...

8.8CVSS5.8AI score0.00476EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder