85 matches found
Insecure Default Initialization of Resource
Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...
Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance
Summary: The libsoup package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE (CVE-2025-14523). Vulnerability Details: CVEID: CVE-2025-14523. DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Advisory ROSA-SA-2026-3208
Software: webmin 2.520. WASP: ROSA-CHROME. Unaffected versions: >= webmin-2.520-1. Affected versions: < webmin-2.520-1. CVE-ID: CVE-2025-61541. BDU-ID: 2025-14429. CVE-Crit: HIGH. CVE-DESC.: A vulnerability in the getwebminemailurl function of the Webmin hosting control panel is related to access delimitatio...
EUVD-2026-8842
An HTTP Host header attack vulnerability affects the WebClient and WebScheduler web apps of PcVue in versions 15.0.0 through 16.3.3 inclusive, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...
CVE-2026-1698
An HTTP Host header attack vulnerability affects the WebClient and WebScheduler web apps of PcVue in versions 15.0.0 through 16.3.3 inclusive, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...
PT-2026-22130
Name of the Vulnerable Software and Affected Versions: PcVue WebClient and WebScheduler versions 15.0.0 through 16.3.3. Description: An HTTP Host header attack affects the WebClient and WebScheduler web apps, potentially allowing a remote attacker to inject harmful payloads and manipulate server-side...
CVE-2025-66596
CVE-2025-66596 affects Yokogawa FAST/TOOLS. The issue is improper validation of request headers, where an attacker providing an invalid Host header can cause users to be redirected to malicious sites. Affected FAST/TOOLS packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, across versions R9.01 to R1...
CVE-2026-22198
GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause...
CVE-2024-41801
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...
PT-2025-52528
Name of the Vulnerable Software and Affected Versions: LDAP Tool Box Self Service Password version 1.5.2. Description: The software contains a password reset issue where attackers can manipulate HTTP Host headers during token generation. This allows crafting malicious password reset requests that...
Linux Distros Unpatched Vulnerability : CVE-2025-14874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the...
PT-2025-49169
Name of the Vulnerable Software and Affected Versions: LaraDashboard versions prior to 2.3.0. Description: LaraDashboard, an all-in-one solution for starting a Laravel application, has an issue in the password reset flow where it trusts the Host header. This allows attackers to redirect an...
ROS-20251113-02
The Webmin hosting control panel vulnerability involves manipulating the Host header to inject a malicious domain into a password reset link email. Exploitation of the vulnerability could allow an attacker acting remotely to intercept the password reset...
Linux Distros Unpatched Vulnerability : CVE-2025-62727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2-BugMaker CVE-2021-44228 Log4Shell Vulnerability Dem...
EUVD-2002-2193
Malware in sbrugna...
EUVD-2018-1864
Malware in sbrugna...
EUVD-2014-9515
Malware in sbrugna...