CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

69 matches found

CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1CVSS0.00308EPSS

Exploits0References1

NVD•added 2026/06/09 6:17 p.m.•9 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

8.8CVSS0.00372EPSS

Exploits0References3

RedhatCVE•added 2026/06/05 7:34 p.m.•5 views

CVE-2026-10269

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS6AI score0.00276EPSS

Exploits0References1

Snyk•added 2026/05/18 11:47 a.m.•7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Host header when constructing response URLs for custom slash commands. An attacker can redirect responses to a server under their control by sending a specially crafted request with a spoofed Hos...

5CVSS5.8AI score0.00137EPSS

Exploits0References2

Cvelist•added 2026/04/22 11:30 p.m.•33 views

CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

5.3CVSS0.00248EPSS

Exploits0References4

RedhatCVE•added 2026/04/01 11:1 p.m.•8 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00219EPSS

Exploits1References1

NVD•added 2026/03/31 10:16 p.m.•4 views

CVE-2026-34442

6.1CVSS0.00219EPSS

Exploits1References3

Vulnrichment•added 2026/03/31 9:28 p.m.•4 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

5.4CVSS5.7AI score0.00219EPSS

Exploits1References3

EUVD•added 2026/03/31 9:28 p.m.•7 views

EUVD-2026-17673

5.4CVSS5.7AI score0.00219EPSS

Exploits1References3

Positive Technologies•added 2026/03/31 12:0 a.m.•4 views

PT-2026-29374

6.1CVSS5.7AI score0.00219EPSS

Exploits1References5

CNNVD•added 2026/03/26 12:0 a.m.•6 views

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes 2.5.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the default setting ALLOWEDHOSTS = , which could all...

8.1CVSS5.8AI score0.00304EPSS

Exploits1References1

Snyk•added 2026/02/26 3:13 a.m.•3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to injecting custom domains into the password reset link sent to users...

9.3CVSS6AI score0.00245EPSS

Exploits0References2

RedhatCVE•added 2026/01/27 3:23 p.m.•4 views

CVE-2025-41083

Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick the victim into sending login credentials to a malicious...

5.1CVSS5.9AI score0.00434EPSS

Exploits0References1

NVD•added 2026/01/26 10:16 a.m.•5 views

CVE-2025-41083

5.1CVSS0.00434EPSS

Exploits0References1

CVE•added 2026/01/26 9:42 a.m.•9 views

CVE-2025-41083

CVE-2025-41083 affects Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude. The issue is manipulation of the Host header in HTTP requests, enabling redirection to an arbitrary URL or altering the base URL to lure users into sending login credentials to a mali...

5.1CVSS5.9AI score0.00434EPSS

Exploits0References1

Cvelist•added 2026/01/26 9:42 a.m.•32 views

CVE-2025-41083 Improper Neutralization in Altitude Communication Server

5.1CVSS0.00434EPSS

Exploits0References1

EUVD•added 2026/01/26 9:42 a.m.•6 views

EUVD-2025-206376

5.1CVSS5.9AI score0.00434EPSS

Exploits0References1

ATTACKERKB•added 2026/01/26 9:42 a.m.•3 views

CVE-2025-41083

5.1CVSS5.9AI score0.00434EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/01/26 9:42 a.m.•4 views

CVE-2025-41083 Improper Neutralization in Altitude Communication Server

5.1CVSS5.9AI score0.00434EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:51 a.m.•13 views

CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...

6.5CVSS6.9AI score0.01853EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by