Lucene search

11 matches found

GithubExploit
added 2026/04/12 5:26 p.m., 173 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

CVE-2024-34351 Demo Minimal Next.js 14.0.0 application for de...

CVSS 7.5 | AI score 5.9 | EPSS 0.92751
Exploits: 3

AlpineLinux
added 2026/04/01 8:28 p.m., 2 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

CVSS 6.3 | AI score 5.4 | EPSS 0.00162
Exploits: 0

OpenVAS
added 2026/03/16 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1316)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.2 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 2

OpenVAS
added 2026/03/16 12:0 a.m., 0 views

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1342)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.2 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 2

NVD
added 2026/01/07 5:15 p.m., 6 views

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6 | EPSS 0.0005
Exploits: 0 | References: 13

RedhatCVE
added 2026/01/07 4:4 p.m., 4 views

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without...

CVSS 9.6 | AI score 6.2 | EPSS 0.0005
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/07 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-12543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly...

CVSS 9.6 | AI score 7.3 | EPSS 0.0005
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-50305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users ar...

CVSS 7.5 | AI score 5.4 | EPSS 0.00318
Exploits: 1 | References: 3

CNNVD
added 2022/06/22 12:0 a.m., 1 views

motor-admin security vulnerability

motor-admin is a code-free management panel and business intelligence tool from Motor Admin open source. A security vulnerability exists in motor-admin versions 0.0.1 through 0.2.56, which stems from the vulnerability of the host header in the password reset function. An attacker could use this...

CVSS 6.8 | AI score 5.7 | EPSS 0.00296
Exploits: 1 | References: 3

CNNVD
added 2022/05/03 12:0 a.m., 1 views

IBM Maximo Asset Management security vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. IBM Maximo Asset Management versions 7.6.1.1 and 7.6.1.2 are vulnerable due to an input validation error in the HOST header, which can be exploited by remote attackers to by sending a...

CVSS 7.2 | AI score 6.2 | EPSS 0.00057
Exploits: 0 | References: 3

ATTACKERKB
added 2022/02/24 3:15 p.m., 2 views

CVE-2022-25355

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...

CVSS 5.3 | AI score 6 | EPSS 0.01055
Exploits: 0 | References: 3