CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

389 matches found

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

4.3CVSS6AI score0.02468EPSS

Exploits1References5

RedhatCVE•added 2 days ago•6 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

9.6CVSS5.8AI score0.00312EPSS

Exploits0References2

RedhatCVE•added 2 days ago•5 views

CVE-2026-48491

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security TLS enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's...

9.1CVSS5.8AI score0.00228EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:48 p.m.•9 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.5AI score0.00254EPSS

Exploits0References1

RedHat Linux•added 2026/04/30 1:58 p.m.•7 views

tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

9.1CVSS7AI score0.00235EPSS

Exploits0References5

EUVD•added 2026/04/14 10:32 p.m.•4 views

EUVD-2026-22811

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTPHOST in Message-ID email header...

7.2CVSS5.8AI score0.00255EPSS

Exploits1References2

RedhatCVE•added 2026/02/27 10:14 a.m.•6 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS6AI score0.00207EPSS

Exploits0References1

OSV•added 2026/02/26 8:16 a.m.•5 views

CVE-2026-1698

6.1CVSS5.8AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:23 a.m.•10 views

CVE-2021-31702

Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS...

7.5CVSS7AI score0.01236EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:32 a.m.•9 views

CVE-2019-16532

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...

6.1CVSS7.2AI score0.01221EPSS

Exploits1References1

OSV•added 2025/12/19 9:15 p.m.•6 views

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

8.6CVSS5.8AI score0.00349EPSS

Exploits0References3