
20 matches found

CNNVD
added 2026/04/01 12:0 a.m. · 1 view

aiohttp environmental issue vulnerability

aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of aiohttp prior to 3.13.4 contained environmental issues; these issues stemmed from aiohttp’s ability to allow multiple host headers...

CVSS 6.3 · AI score 5.8 · EPSS 0.00162
Exploits: 0 · References: 2
Vulnrichment
added 2026/02/26 7:58 a.m. · 2 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 5.3 · AI score 5.5 · EPSS 0.00056
Exploits: 0 · References: 1
Cvelist
added 2026/02/26 7:58 a.m. · 19 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 5.3 · EPSS 0.00056
Exploits: 0 · References: 1
Github Security Blog
added 2026/02/24 8:34 p.m. · 2 views

Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass

Summary: Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) it becomes case-sensitive due to an optimized matching path. An attacker can bypass host-based routing and any access controls attached to that route by changing the...

CVSS 9.1 · AI score 5.7 · EPSS 0.00062
Exploits: 1 · References: 6 · Affected Software: 1
Rosalinux
added 2026/02/16 7:27 a.m. · 4 views

Advisory ROSA-SA-2026-3151

Software: libsoup 2.62.3 OS: ROSA Virtualization 3.1 unaffected versions = libsoup-2.62.3-11.rv31 affected versions libsoup-2.62.3-11.rv31 CVE-ID: CVE-2025-4945 BDU-ID: 2025-10260 CVE-Crit: LOW CVE-DESC.: A vulnerability in the libsoup library of the GNOME GUI is related to integer overflow durin...

CVSS 9 · AI score 7.5 · EPSS 0.00986
Exploits: 3
CNNVD
added 2026/01/26 12:0 a.m. · 1 view

Altitude Communication Server injection vulnerability

Altitude Communication Server is an IP contact center software developed by the American company Altitude. Version 8.5.3290.0 of Altitude Communication Server has a vulnerability that stems from operations on the Host header in HTTP requests. This vulnerability may lead to redirection to arbitrar...

CVSS 5.1 · AI score 5.9 · EPSS 0.00031
Exploits: 0 · References: 2
Patchstack
added 2025/12/31 12:0 a.m. · 2 views

WordPress Advanced iFrame plugin <= 2024.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header vulnerability discovered by omstaendlig in WordPress Plugin Advanced iFrame versions <= 2024.5...

CVSS 6.4 · AI score 5.9 · EPSS 0.00099
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/10/31 12:0 a.m. · 3 views

PT-2025-44644

Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309 Description: The software contains a stack overflow issue via the http host parameter in the sub 426EF8 function. A crafted request can cause a Denial of Service (DoS). The vulnerable parameter is http...

CVSS 9 · AI score 6.8 · EPSS 0.00294
Exploits: 1 · References: 6
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-21404

Malware in sbrugna...

CVSS 5.3 · AI score 5.5 · EPSS 0.00214
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-16776

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.06445
Exploits: 2 · References: 7
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2017-14740

Malware in sbrugna...

CVSS 8.6 · AI score 8.5 · EPSS 0.02584
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-5267

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.7 · EPSS 0.00668
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-28076

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00144
Exploits: 0 · References: 1
IBM Security Bulletins
added 2025/07/22 6:7 p.m. · 5 views

Security Bulletin: Host Header Injection Vulnerability in IBM Operations Analytics - Log Analysis (CVE-2024-40686)

Summary: Host header vulnerability in IBM Operations Analytics - Log Analysis allows remote attackers to execute scripts within the application context via remote file inclusion. This has been addressed. Vulnerability Details: CVEID: CVE-2024-40686 DESCRIPTION: IBM SmartCloud Analytics - Log Analysi...

CVSS 6.1 · AI score 6.7 · EPSS 0.00128
Exploits: 0 · Affected Software: 1
Github Security Blog
added 2025/02/21 10:14 p.m. · 7 views

Leantime has Host Header Injection Vulnerability

Summary: A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the host header in HTTP requests, thereby gaining unauthorized access to view details of other users...

AI score 7.2
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/12/15 11:6 a.m. · 1 view

OESA-2023-1910 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host...

CVSS 5.4 · AI score 6.8 · EPSS 0.01199
Exploits: 1 · References: 2
Japan Vulnerability Notes
added 2022/02/22 5:22 a.m. · 3 views

EC-CUBE improperly handles HTTP Host header values

Overview: EC-CUBE provided by EC-CUBE CO.,LTD. improperly handles HTTP Host header values CWE-913. EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early Warning...

CVSS 5.3 · AI score 6.7 · EPSS 0.01055
Exploits: 0 · References: 5
NVD
added 2020/11/02 9:15 p.m. · 10 views

CVE-2020-28031

eramba through c2.8.1 allows HTTP Host header injection with, for example, resultant wkhtml2pdf PDF printing by authenticated users...

CVSS 4.3 · AI score 4.8 · EPSS 0.00341
Exploits: 0 · References: 2
Positive Technologies
added 2017/05/05 12:0 a.m. · 2 views

PT-2017-9041 · Citrix · Citrix Xenmobile Server

Name of the Vulnerable Software and Affected Versions: Citrix XenMobile Server versions prior to 10.5.0.24 Description: The issue allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. However, the vendor reports that thei...

CVSS 5.3 · AI score 7 · EPSS 0.00778
Exploits: 0 · References: 4
Debian CVE
added 2008/11/28 7:0 p.m. · 12 views

CVE-2008-5278

Cross-site scripting (XSS) vulnerability in the selflink function in the RSS Feed Generator wp-includes/feed.php for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header HTTPHOST variable...

CVSS 4.3 · AI score 4.2 · EPSS 0.03157
Exploits: 1