18 matches found
CVE-2026-58169
Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...
SUSE SLES16 Security Update : python-aiohttp (SUSE-SU-2026:22173-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22173-1 advisory. This update for python-aiohttp fixes the following issues - CVE-2026-22815: insufficient header/trailer handling can cause a denia...
NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 2.0.10...
Reliance on Untrusted Inputs in a Security Decision
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision through the AllowedHostsMiddleware in the host validation middleware. An attacker can bypa...
CVE-2026-44450
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
CVE-2026-44450
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
CVE-2026-44450 Lumiverse: RCE via MCP stdio argument injection
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
CVE-2026-44450 Lumiverse: RCE via MCP stdio argument injection
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
CVE-2026-44450
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
EUVD-2026-31978
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
PT-2026-43402
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
Rack::Request accepts invalid Host characters, enabling host allowlist bypass
Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...
CVE-2026-33511
CVE-2026-33511 affects pyLoad/pyload-ng: the local_check decorator in the ClickNLoad feature can be bypassed via HTTP Host header spoofing, allowing unauthenticated remote access to localhost-restricted endpoints and enabling injection of downloads, writing to storage, and JavaScript execution. A...
CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2024-25170
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header...
PT-2025-3153 · Xerox · Xerox Workplace Suite
Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9 Description: The issue involves an API security bypass through header manipulation. In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the "Host"...
CVE-2023-3654
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network...
8E6科技R3000 Internet过滤器Host头绕过检测漏洞
BUGTRAQ ID: 30541 8e6科技的R3000上网行为管理系统是软硬件集成的系统,允许管理者能有效控制与管理互联网用户的上网行为。 R3000 Internet过滤器所提供的HTTP URL过滤功能没有正确的验证Host头,用户可以访问设备设置了访问限制的网站。但用户无法利用这个漏洞绕过基于IP地址的过滤限制。 8E6 Technologies R3000 Internet Filter 2.0.12.10 8E6 Technologies ---------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...