Lucene search
K

3573 matches found

CVE
CVE
added yesterday14 views

CVE-2026-45074

Symfony’s Cas2Handler derives the CAS service URL from Request::getSchemeAndHttpHost(), which uses the Host header when framework.trusted_hosts is not configured. An attacker controlling another app registered with the same CAS server can replay a victim’s CAS ticket and authenticate as that vict...

7.6CVSS6.1AI score0.00064EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday10 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS0.00196EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added yesterday34 views

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

6.1CVSS6.8AI score0.00911EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday12 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS6.3AI score0.01438EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday40 views

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

4.3CVSS6.2AI score0.02468EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago27 views

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References2
NVD
NVD
added 5 days ago7 views

CVE-2026-55641

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS0.00246EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-55641 9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS0.00246EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42930

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 5 days ago9 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

CVE-2026-55641 9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References5
CVE
CVE
added 6 days ago11 views

CVE-2026-15202

CVE-2026-15202 affects YzmCMS up to version 7.5. The vulnerability resides in the get_url function of /yzmphp/yzmphp.php within the Header Handler, where manipulation of the HTTP_HOST argument enables cross-site scripting. Exploitation is remote and publicly disclosed. Vendor contact did not elic...

5.3CVSS4.1AI score0.00263EPSS
Exploits0References5
Cvelist
Cvelist
added last week33 views

CVE-2026-8651 IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer HTTPS module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

3.7CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 12:3 a.m.34 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS0.00208EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 12:3 a.m.8 views

EUVD-2026-42136

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS6AI score0.00208EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 12:3 a.m.8 views

CVE-2026-55430 Coder's subdomain workspace app routing trusts unauthenticated X-Forwarded-Host header, enabling cross-app data access

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

5.8CVSS6AI score0.00208EPSS
Exploits0References8
CVE
CVE
added 2026/07/07 3:1 a.m.10 views

CVE-2026-34198

CVE-2026-34198 concerns Coolify prior to 4.0.0-beta.471. The vulnerability stems from TrustProxies trusting all proxies and accepting X-Forwarded-Host from any source, combined with a circular dependency in TrustHosts that prevents host validation. As a result, when a password reset is requested,...

5.3CVSS6AI score0.00139EPSS
Exploits0References4
Rows per page
Query Builder