Lucene search
+L

8 matches found

OSV
OSV
added 2026/04/09 7:40 p.m.6 views

CVE-2026-35577 Missing Host Header Validation in Apollo MCP Server for Localhost Deployments

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS6AI score0.00182EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 5:57 p.m.3 views

CVE-2026-34715 ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

ewe is a Gleam web server. Prior to version 3.0.6, the encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into...

5.3CVSS5.7AI score0.00327EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/14 4:49 p.m.3 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

6.3CVSS5.6AI score0.00307EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.20 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

8.8CVSS6.7AI score0.00309EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/09/14 12:15 p.m.25 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

8.8CVSS7.2AI score0.00309EPSS
Exploits0References4
OSV
OSV
added 2023/09/14 12:15 p.m.4 views

UBUNTU-CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/09/14 11:36 a.m.7 views

CVE-2023-2848

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...

8CVSS6.7AI score0.00309EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/14 12:0 a.m.6 views

Movim Access Control Error Vulnerability

Movim is a syndicated blogging and chat platform that acts as a web front end for the XMPP protocol. A security vulnerability exists in Movim versions prior to 0.22Z, which stems from a lack of header validation, leading to a cross-site WebSocket hijacking issue...

8.8CVSS6.6AI score0.00309EPSS
Exploits0References4
Rows per page
Query Builder