Lucene search
+L

448 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-6000

Name of the Vulnerable Software and Affected Versions Ofisimo Web-Based Software Technologies Association Web Package Flora versions 3.0 through 03022026 Description The software contains a flaw related to improper input handling during web page generation, potentially leading to Cross-site...

7.6CVSS5.4AI score0.00282EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-5844

Name of the Vulnerable Software and Affected Versions EspoCRM version 5.8.5 Description The software contains an authentication issue that allows unauthorized access to user accounts. Attackers can manipulate authorization headers, specifically decoding and modifying Basic Authorization and...

9.8CVSS5.4AI score0.00454EPSS
Exploits1References5
NVD
NVD
added 2026/01/30 11:16 p.m.7 views

CVE-2020-37056

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...

9.8CVSS0.00537EPSS
Exploits0References3
CVE
CVE
added 2026/01/30 10:7 p.m.15 views

CVE-2020-37056

The CVE-2020-37056 entry concerns Crystal Shard http-protection 0.2.0, where an IP-spoofing flaw allows bypass of protection middleware by crafting headers. Specifically, attackers can set consistent values in X-Forwarded-For, X-Client-IP, and X-Real-IP to defeat checks and gain unauthorized acce...

9.8CVSS5.9AI score0.00537EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37056 Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...

9.8CVSS5.4AI score0.00537EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.24 views

CVE-2020-37056 Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass

Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...

9.8CVSS0.00537EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.11 views

PT-2026-5492

Name of the Vulnerable Software and Affected Versions Crystal Shard http-protection version 0.2.0 Description The software contains an IP spoofing issue that allows attackers to bypass protection middleware. This is achieved by manipulating request headers to hardcode consistent IP values across...

9.8CVSS5.3AI score0.00537EPSS
Exploits0References5
CVE
CVE
added 2026/01/27 3:23 p.m.10 views

CVE-2021-47900

Gila CMS

9.8CVSS6.7AI score0.00602EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/27 3:23 p.m.22 views

CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...

9.8CVSS0.00602EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.7 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 10:16 a.m.7 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS0.00434EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/26 9:42 a.m.8 views

EUVD-2025-206376

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/26 9:42 a.m.38 views

CVE-2025-41083 Improper Neutralization in Altitude Communication Server

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS0.00434EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 9:42 a.m.3 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/26 9:42 a.m.13 views

CVE-2025-41083

CVE-2025-41083 affects Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude. The issue is manipulation of the Host header in HTTP requests, enabling redirection to an arbitrary URL or altering the base URL to lure users into sending login credentials to a mali...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/26 9:42 a.m.5 views

CVE-2025-41083 Improper Neutralization in Altitude Communication Server

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 12:31 a.m.5 views

EUVD-2026-3520

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.6 views

PT-2026-2972

Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new header or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input...

6.3CVSS6.8AI score0.00307EPSS
Exploits0References6
Hacker One
Hacker One
added 2026/01/10 6:58 a.m.21 views

curl: CRLF Injection in HTTP header values allows arbitrary header injection

curl allows carriage return \r and line feed \n characters inside HTTP header values. When attacker-controlled data is used in a header value e.g., Authorization: Bearer , curl construct and sends a malformed HTTP request containing injected headers. This violates HTTP specification RFC 7320 /RFC...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/09 4:19 p.m.5 views

CVE-2026-22198 GestSup < 3.2.60 Stored XSS in API Error Logs

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

5.1CVSS5.5AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder