107 matches found

NVD
added yesterday, 7 views

CVE-2026-55791

Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

CVSS 6.9 | EPSS 0.0033
Exploits: 0 | References: 2
Cvelist
added 2 days ago, 31 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

CVSS 6.9 | EPSS 0.0033
Exploits: 0 | References: 2
CVE
added 2 days ago, 28 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

CVSS 6.9 | AI score 5.8 | EPSS 0.0033
Exploits: 0 | References: 2
Github Security Blog
added 2026/06/19 9:15 p.m., 6 views

Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Overview: Craft CMS is vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default permissive trustedHosts configuration, an attacker can poison the Host or X-Forwarded-Host header to manipulate the...

CVSS 6.9 | AI score 6.1 | EPSS 0.0033
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/06/19 9:15 p.m., 4 views

Origin Validation Error

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Origin Validation Error via the actionResourceJs process. An attacker can execute arbitrary JavaScript in the context of an administrator's browser and potentially achieve remote code executi...

CVSS 9.2 | AI score 6.6 | EPSS 0.0033
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/01 12:0 a.m., 16 views

PT-2026-51113

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.0.0-RC1 through 4.17.9; Craft CMS versions 5.0.0-RC1 through 5.9.9. Description: Craft CMS is subject to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection via the '/actions/app/resource-js' endpoint. The iss...

CVSS 9.2 | AI score 6 | EPSS 0.0033
Exploits: 0 | References: 8
IBM Security Bulletins
added 2026/06/01 3:18 p.m., 14 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz. Vulnerability Details: CVEID: CVE-2026-40175. DESCRIPTION: Axios is a promise-based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain ...

CVSS 9 | AI score 7 | EPSS 0.01815
Exploits: 5 | Affected Software: 1
Snyk
added 2026/05/29 3:51 p.m., 8 views

Prototype Pollution

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the setProxy function. An attacker can inject arbitrary credentials into the Proxy-Authorization header of proxied HTTP requests by polluting the...

CVSS 9.1 | AI score 6.5 | EPSS 0.00535
Exploits: 2 | References: 3
Tenable Nessus
added 2026/05/25 12:0 a.m., 29 views

Linux Distros Unpatched Vulnerability : CVE-2026-44572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data...

CVSS 5.9 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 2
NVD
added 2026/05/09 8:16 p.m., 21 views

CVE-2026-42606

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

CVSS 8.8 | EPSS 0.00476
Exploits: 1 | References: 3
EUVD
added 2026/05/09 7:43 p.m., 7 views

EUVD-2026-28937

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00476
Exploits: 1 | References: 3
Vulnrichment
added 2026/05/09 7:43 p.m., 7 views

CVE-2026-42606 AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00476
Exploits: 1 | References: 3
SUSE CVE
added 2026/04/03 11:24 p.m., 10 views

SUSE CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits: 2 | References: 3
RedhatCVE
added 2026/04/03 7:56 p.m., 4 views

CVE-2026-34835

A flaw was found in Rack. A remote attacker could exploit this by sending a specially crafted Host header containing characters not permitted in standard hostnames. This malformed header bypasses hostname validation in applications using Rack::Request, leading to host header poisoning. This can...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits: 2 | References: 4
OSV
added 2026/04/02 8:36 p.m., 2 views

GHSA-G2PF-XV49-M2H5 Rack::Request accepts invalid Host characters, enabling host allowlist bypass

Summary: Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...

CVSS 4.8 | AI score 5.9 | EPSS 0.00192
Exploits: 2 | References: 4
EUVD
added 2026/04/02 8:36 p.m., 4 views

EUVD-2026-18478

Rack::Request accepts invalid Host characters, enabling host allowlist bypass...

CVSS 4.8 | AI score 5.8 | EPSS 0.00192
Exploits: 2 | References: 2
OSV
added 2026/04/02 6:16 p.m., 4 views

DEBIAN-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

CVSS 6.5 | AI score 5.3 | EPSS 0.00192
Exploits: 2 | References: 1
OSV
added 2026/04/02 6:16 p.m., 4 views

UBUNTU-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits: 2 | References: 4
Vulnrichment
added 2026/04/02 5:9 p.m., 5 views

CVE-2026-34835 Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

CVSS 4.8 | AI score 5.8 | EPSS 0.00192
Exploits: 2 | References: 1
ATTACKERKB
added 2026/04/02 5:9 p.m., 5 views

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

CVSS 4.8 | AI score 5.8 | EPSS 0.00192
Exploits: 2 | References: 2 | Affected Software: 1