CVE-2026-48710
A flaw was found in Starlette, a lightweight ASGI (Asynchronous Server Gateway Interface) framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...
CVE-2026-32591
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...
Incorrect Regular Expression
Overview: litestar is a production-ready, highly performant, extensible ASGI API framework. Affected versions of this package are vulnerable to Incorrect Regular Expression via the allowedhosts host validation. An attacker can gain unauthorized access by supplying a specially crafted...
EUVD-2012-1088
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-22881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in...
Amazon Linux 2023 : runc (ALAS2023-2023-311)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-311 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to...
SUSE CVE-2012-0435
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984...
CVE-2021-22881
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...
PT-2021-15252
Name of the Vulnerable Software and Affected Versions: Action Pack versions prior to 6.1.2.1; Action Pack versions prior to 6.0.3.5. Description: The Host Authorization middleware in Action Pack suffers from an open redirect issue. Specially crafted Host headers, in combination with certain "allowed...
Null pointer dereference
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address...
PT-2018-2958 · Embedthis · Appweb +1
Name of the Vulnerable Software and Affected Versions: Embedthis GoAhead versions prior to 4.0.1; Embedthis Appweb versions prior to 7.0.2. Description: The issue is related to errors in processing HTTP requests. It may allow a remote attacker to cause a denial of service. This can be achieved by...
CVE-2015-7263
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value...
Memory corruption
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623...
CVE-2016-2560
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...
CVE-2012-1050
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...
Directory traversal
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...
DSA-2329-1 torque - buffer overflow
Bulletin has no description...