Lucene search
K

42898 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in cosmos-cuda (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c1a96e5776ec64356f639738134c95a2f33233a4275d2d0ddd6b174c297c64ee The sdist-only package cosmos-cuda 9999.0.0 executes a beacon function beacon'build' from setup.py during sdist build/install and beacon'import' from...

6.6AI score
Exploits0References2
CVE
CVE
added yesterday14 views

CVE-2026-45074

Symfony’s Cas2Handler derives the CAS service URL from Request::getSchemeAndHttpHost(), which uses the Host header when framework.trusted_hosts is not configured. An attacker controlling another app registered with the same CAS server can replay a victim’s CAS ticket and authenticate as that vict...

7.6CVSS6.1AI score0.00064EPSS
Exploits0References4
NVD
NVD
added yesterday2 views

CVE-2026-48564

Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-58627

CVE-2026-58627 is a Windows DHCP Server Denial of Service vulnerability caused by uncontrolled resource consumption that allows a remote attacker to deny service over a network. Affected: Windows DHCP Server. Impact: availability loss (high). Mitigation: Microsoft has released updates and guidanc...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-58547

The CVE-2026-58547 entry details a heap-based buffer overflow in Windows UPnP Device Host (upnp.dll) that can enable local privilege escalation for an authorized user. Affected component: Universal Plug and Play in Windows. Root cause: heap-based overflow in upnp.dll. Impact: local privilege elev...

5.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-56159

CVE-2026-56159 is a heap-based buffer overflow in Windows DHCP Server that can allow an unauthenticated attacker to execute code over a network (remote code execution). The vulnerability is rated CRITICAL with Network attack vector and no explicit exploit details in the provided documents. Connec...

9.8CVSS6.3AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-50370

CVE-2026-50370 is a heap-based buffer overflow in the Windows DHCP Server service that could allow an unauthenticated attacker on an adjacent network to execute code. The vulnerability is listed among the July 2026 Patch Tuesday disclosures and is included in Microsoft’s security updates (KB50995...

8.8CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability

...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS0.00196EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43639

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score0.00154EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday74 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

6CVSS6.2AI score0.01077EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday58 views

Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

6.1CVSS6.4AI score0.01146EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday34 views

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

6.1CVSS6.8AI score0.00911EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday59 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday22 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS6.1AI score0.02095EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday12 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS6.3AI score0.01438EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday40 views

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

4.3CVSS6.2AI score0.02468EPSS
Exploits1References5
Rows per page
Query Builder