Lucene search
K

79 matches found

NVD
NVD
added 2026/07/02 12:16 a.m.8 views

CVE-2026-55791

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:13 p.m.34 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:13 p.m.34 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.6 views

Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Overview Craft CMS is vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default permissive trustedHosts configuration, an attacker can poison the Host or X-Forwarded-Host header to manipulate the...

6.9CVSS6.1AI score0.0033EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/03 7:56 p.m.4 views

CVE-2026-34835

A flaw was found in Rack. A remote attacker could exploit this by sending a specially crafted Host header containing characters not permitted in standard hostnames. This malformed header bypasses hostname validation in applications using Rack::Request, leading to host header poisoning. This can...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References4
EUVD
EUVD
added 2026/04/02 8:36 p.m.4 views

EUVD-2026-18478

Rack::Request accepts invalid Host characters, enabling host allowlist bypass...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References2
OSV
OSV
added 2026/04/02 6:16 p.m.4 views

DEBIAN-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.3AI score0.00192EPSS
Exploits2References1
OSV
OSV
added 2026/04/02 6:16 p.m.6 views

UBUNTU-CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:9 p.m.5 views

CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 5:9 p.m.5 views

CVE-2026-34835 Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

4.8CVSS5.8AI score0.00192EPSS
Exploits2References1
CVE
CVE
added 2026/04/02 5:9 p.m.51 views

CVE-2026-34835

Rack exposes a vulnerability in Rack::Request where Host header parsing uses an AUTHORITY regex that accepts characters not allowed by RFC hostnames (e.g., /, ?, #, @). Versions affected: 3.0.0.beta1 through 3.1.20, and 3.2.0 through 3.2.5. This can allow host header poisoning when apps rely on r...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.8 views

PT-2026-29857

Rack versions 3.0.0.beta1 through 3.1.21, and 3.2.0 through 3.2.6 are affected by an issue where the Rack::Request component improperly parses the Host header, accepting characters not permitted in RFC-compliant hostnames such as /, ?, , and @. This can lead to host header poisoning in applicatio...

6.5CVSS5.7AI score0.00192EPSS
Exploits2References25
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29913

Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...

4.8CVSS5.9AI score0.00192EPSS
Exploits2References4
OSV
OSV
added 2026/03/11 12:29 a.m.2 views

GHSA-VHJ5-X93P-67JW actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

5.4CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 12:29 a.m.15 views

actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

5.8AI score
Exploits0References4Affected Software1
Exploit DB
Exploit DB
added 2026/03/03 12:0 a.m.217 views

mailcow 2025-01a - Host Header Password Reset Poisoning

Exploit Title: mailcow 2025-01a - Host Header Password Reset Poisoning Date: 2025-10-21 Exploit Author: Iam Alvarez AKA Groppoxx / Maizeravla Vendor Homepage: https://mailcow.email Software Link: https://github.com/mailcow/mailcow-dockerized Version: 2025-01a REQUIRED Tested on: Ubuntu 22.04.5 LT...

8.8CVSS5.9AI score0.01052EPSS
Exploits4
NVD
NVD
added 2026/02/20 5:25 p.m.4 views

CVE-2026-26747

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.forceurl" is not set and default is "false". The application generates absolute URLs suc...

9.1CVSS0.00391EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/20 12:0 a.m.4 views

CVE-2026-26747

A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.forceurl" is not set and default is "false". The application generates absolute URLs suc...

5.5AI score0.00391EPSS
Exploits1References2
CVE
CVE
added 2026/02/20 12:0 a.m.9 views

CVE-2026-26747

Monica 4.1.2 is affected by a Host Header Poisoning issue caused by improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, compounded by the default app.force_url being unset/false. The app constructs absolute URLs (e.g., password reset links) using the user-supplied H...

9.1CVSS5.7AI score0.00391EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.5 views

mailcow: Dockerized Host Header Password Reset Poisoning Scanner

This Metasploit module adds a scanner for a Host header poisoning vulnerability in mailcow:dockerized versions prior to 2025-01a. The vulnerability occurs because the application improperly trusts the HTTP Host header when generating password reset links. By supplying a crafted Host header during...

8.8CVSS5.6AI score0.01052EPSS
Exploits4
Rows per page
Query Builder