Lucene search
K

54 matches found

OSV
OSV
added 2026/06/18 1:6 p.m.5 views

GHSA-64MM-VXMG-Q3VJ http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

6.9CVSS5.6AI score0.0034EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/17 9:3 p.m.18 views

CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-44143

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trusted hosts setting is not configured the default. An attacker who controls any other application registered with the same CAS serve...

8.7CVSS5.8AI score0.00064EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/18 8:41 a.m.43 views

CVE-2026-6333 SSRF via Host Header Spoofing in Custom Slash Commands

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

3.5CVSS0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:41 a.m.10 views

CVE-2026-6333 SSRF via Host Header Spoofing in Custom Slash Commands

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

3.5CVSS5.8AI score0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-33310

Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description An issue in the Forgot Password feature allows unauthenticated attackers to obtain the password reset token of a victim user. The application fails to validate the Host header when constructing...

7.1CVSS5.8AI score0.00312EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/04/03 9:43 p.m.7 views

Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAuth...

6.1CVSS6AI score0.00112EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/03 9:43 p.m.5 views

GHSA-CXJ8-GGF2-P57C Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectUri configuration is silently unset by default, an attacker spoof the Host header to steal OAuth...

6.1CVSS6AI score0.00112EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:53 p.m.3 views

CVE-2026-33149

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWEDHOSTS = '' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.buildabsoluteu...

8.1CVSS5.8AI score0.00304EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

9.8CVSS6AI score0.00422EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/24 8:32 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ClickNLoad feature. An attacker can gain unauthorized access to endpoints intended for localhost by...

9.8CVSS6.2AI score0.00422EPSS
Exploits1References2
OSV
OSV
added 2026/03/24 8:16 p.m.10 views

PYSEC-2026-122

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 8:16 p.m.3 views

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS0.00183EPSS
Exploits1References1
PyPA
PyPA
added 2026/03/24 8:16 p.m.9 views

PYSEC-2026-122

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:56 p.m.13 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00422EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/24 6:52 p.m.8 views

CVE-2026-33314

CVE-2026-33314 affects pyLoad/pyload-ng where a Host Header Spoofing flaw in the @local_check decorator lets unauthenticated external actors bypass local-only checks and access the Click'N'Load API endpoints. This enables remote queuing of downloads, causing SSRF and potential DoS. The issue is m...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 6:52 p.m.4 views

CVE-2026-33314 pyload-ng: Improper Authentication and Origin Validation Error

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:52 p.m.10 views

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/24 6:52 p.m.23 views

CVE-2026-33314 pyload-ng: Improper Authentication and Origin Validation Error

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS0.00183EPSS
Exploits1References1
Rows per page
Query Builder