Lucene search
+L

82 matches found

CVE
CVE
added yesterday7 views

CVE-2024-23577

CVE-2024-23577 : The HCL Aftermarket EPC product is vulnerable due to lack of HOST header validation, allowing arbitrary hosts via HTTP. This can enable Host header poisoning and potential server misconfigurations. The available documents do not specify affected versions, exact vulnerable compone...

4.3CVSS5.6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/02 12:16 a.m.8 views

CVE-2026-55791

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:13 p.m.35 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:13 p.m.42 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 11:13 p.m.4 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS5.9AI score0.0033EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.10 views

Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Overview Craft CMS is vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default permissive trustedHosts configuration, an attacker can poison the Host or X-Forwarded-Host header to manipulate the...

6.9CVSS6.1AI score0.0033EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/03 7:56 p.m.5 views

CVE-2026-34835

A flaw was found in Rack. A remote attacker could exploit this by sending a specially crafted Host header containing characters not permitted in standard hostnames. This malformed header bypasses hostname validation in applications using Rack::Request, leading to host header poisoning. This can...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References4
EUVD
EUVD
added 2026/04/02 8:36 p.m.4 views

EUVD-2026-18478

Rack::Request accepts invalid Host characters, enabling host allowlist bypass...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References2
OSV
OSV
added 2026/04/02 6:16 p.m.4 views

DEBIAN-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.3AI score0.00192EPSS
Exploits2References1
OSV
OSV
added 2026/04/02 6:16 p.m.6 views

UBUNTU-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References4
CVE
CVE
added 2026/04/02 5:9 p.m.51 views

CVE-2026-34835

Rack exposes a vulnerability in Rack::Request where Host header parsing uses an AUTHORITY regex that accepts characters not allowed by RFC hostnames (e.g., /, ?, #, @). Versions affected: 3.0.0.beta1 through 3.1.20, and 3.2.0 through 3.2.5. This can allow host header poisoning when apps rely on r...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:9 p.m.5 views

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 5:9 p.m.5 views

CVE-2026-34835 Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.9 views

PT-2026-29857

Rack versions 3.0.0.beta1 through 3.1.21, and 3.2.0 through 3.2.6 are affected by an issue where the Rack::Request component improperly parses the Host header, accepting characters not permitted in RFC-compliant hostnames such as /, ?, , and @. This can lead to host header poisoning in applicatio...

6.5CVSS5.7AI score0.00192EPSS
Exploits2References25
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.9 views

PT-2026-29913

Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...

4.8CVSS5.9AI score0.00192EPSS
Exploits2References4
OSV
OSV
added 2026/03/11 12:29 a.m.2 views

GHSA-VHJ5-X93P-67JW actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

5.4CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 12:29 a.m.18 views

actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

5.8AI score
Exploits0References4Affected Software1
Exploit DB
Exploit DB
added 2026/03/03 12:0 a.m.229 views

mailcow 2025-01a - Host Header Password Reset Poisoning

Exploit Title: mailcow 2025-01a - Host Header Password Reset Poisoning Date: 2025-10-21 Exploit Author: Iam Alvarez AKA Groppoxx / Maizeravla Vendor Homepage: https://mailcow.email Software Link: https://github.com/mailcow/mailcow-dockerized Version: 2025-01a REQUIRED Tested on: Ubuntu 22.04.5 LT...

8.8CVSS5.9AI score0.01089EPSS
Exploits4
NVD
NVD
added 2026/02/20 5:25 p.m.7 views

CVE-2026-26747

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.forceurl" is not set and default is "false". The application generates absolute URLs suc...

9.1CVSS0.00391EPSS
Exploits1References2
Rows per page
Query Builder