107 matches found
CVE-2026-55791
Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...
CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...
CVE-2026-55791
Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...
Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
Overview Craft CMS is vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default permissive trustedHosts configuration, an attacker can poison the Host or X-Forwarded-Host header to manipulate the...
Origin Validation Error
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Origin Validation Error via the actionResourceJs process. An attacker can execute arbitrary JavaScript in the context of an administrator's browser and potentially achieve remote code executi...
PT-2026-51113
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.9 Craft CMS versions 5.0.0-RC1 through 5.9.9 Description Craft CMS is subject to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection via the '/actions/app/resource-js' endpoint. The iss...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain ...
Prototype Pollution
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the setProxy function. An attacker can inject arbitrary credentials into the Proxy-Authorization header of proxied HTTP requests by polluting the...
Linux Distros Unpatched Vulnerability : CVE-2026-44572
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data...
CVE-2026-42606
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...
EUVD-2026-28937
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...
CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...
SUSE CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
CVE-2026-34835
A flaw was found in Rack. A remote attacker could exploit this by sending a specially crafted Host header containing characters not permitted in standard hostnames. This malformed header bypasses hostname validation in applications using Rack::Request, leading to host header poisoning. This can...
GHSA-G2PF-XV49-M2H5 Rack::Request accepts invalid Host characters, enabling host allowlist bypass
Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...
EUVD-2026-18478
Rack::Request accepts invalid Host characters, enabling host allowlist bypass...
DEBIAN-CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
UBUNTU-CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
CVE-2026-34835 Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...
CVE-2026-34835
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...