CVE-2026-46611

Glances XML-RPC server (glances/server.py) before 4.5.5 does not validate the HTTP Host header, enabling DNS rebinding attacks to exfiltrate the victim’s monitoring data. The vulnerability affects the XML-RPC backend used by glances -s (XML-RPC path /RPC2) and allows an attacker to cause the brow...

CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

CVE-2026-55602

A flaw was found in http-proxy-middleware before 2.0.10, 3.0.6, and 4.1.0. Router proxy-table host+path matching uses unanchored substring comparison on the Host header, so a crafted Host value that superstring-matches a configured key can route requests to an unintended backend. Mitigation Upgra...

CVE-2026-13150

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

CVE-2026-13150 SSRF in Pentestify PDF generation endpoint via Host header

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

EUVD-2026-38735

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

CVE-2026-49468

A flaw was found in LiteLLM, a proxy server AI Gateway used to call Large Language Model LLM APIs. A remote attacker could exploit a Host-header parsing vulnerability in the proxy authentication layer. By sending a crafted Host header, an attacker could gain unauthenticated access to protected...

CVE-2026-48491

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security TLS enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's...

CVE-2026-9643

The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUESTURI server variable in all versions up to, and including, 4.5.18. When the plugin's wpmsTemplateRedirect hook detects a 404, it concatenates $SERVER'HTTPHOST' with the raw...

CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

CVE-2026-54588

Poweradmin (for PowerDNS) is affected by a Host Header Injection vulnerability in auth flows. Versions prior to 4.2.4 and 4.3.3 use the HTTP_HOST header as the authoritative source for building OIDC redirect_uri, SAML ACS/SLO URLs, and logout redirects without validation. An unauthenticated attac...

EUVD-2026-31881

Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir...

GHSA-JC3J-X6PG-4HMV Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir

Summary When algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the client-supplied Host header. The join is performed by filepath.Join wit...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...