Lucene search
+L

3592 matches found

OSV
OSV
added 2026/07/03 5:23 p.m.4 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS6.1AI score0.00308EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 5:23 p.m.42 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 5:23 p.m.32 views

CVE-2026-14631

Vulnerability overview: CVE-2026-14631 affects webpack-dev-server up to version 5.2.5. An unauthenticated peer sending a normal HTTP request with a malformed Host header or a WebSocket upgrade to /ws with a malformed Origin header triggers an uncaught exception in the host-validation path, crashi...

5.3CVSS6AI score0.00308EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/07/02 10:18 p.m.6 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the OIDC discovery process when the X-Forwarded-Host header is not validated and no allowed-hosts list is configured. An attacker can manipulate the issuer and JWKS URI in the discovery document by supplying a...

8.2CVSS6AI score0.00246EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 9:13 p.m.7 views

NPM: 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

NPM: 9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING vulnerability discovered by ? in WordPress Npm 9router versions = 0.4.55...

7.5CVSS5.9AI score0.00357EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/07/02 9:13 p.m.8 views

User Impersonation

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to User Impersonation via the isLocalRequest function. An attacker can gain unauthorized access to restricted routes and interact with child processes by spoofing the Host and Orig...

8.3CVSS6AI score0.00357EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/02 9:13 p.m.12 views

9router has an Incomplete Fix: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

Summary The fix for CVE-2026-46339 unauthenticated RCE via unprotected MCP plugin routes introduced a local-only access gate in src/dashboardGuard.js that restricts spawn-capable routes /api/mcp/, /api/tunnel/, /api/cli-tools/ to loopback requests. The gate determines "local" by inspecting the Ho...

10CVSS6.6AI score0.04572EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/02 8:29 p.m.15 views

EUVD-2026-37801

Steeltoe vulnerable to management-port isolation bypass via spoofed Host header...

8.2CVSS5.8AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 8:29 p.m.4 views

GHSA-58F6-6RJ2-3V8R Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Summary When Steeltoe management endpoints are configured to listen on an alternate port Management:Endpoints:Port is configured, the middleware responsible for restricting access to the endpoints uses the Host HTTP header rather than the actual network socket port. Impact An unauthenticated remo...

8.2CVSS6AI score0.00238EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 8:17 p.m.8 views

CVE-2026-59096

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:41 p.m.4 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS6AI score0.00246EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:41 p.m.12 views

CVE-2026-59096

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/02 7:41 p.m.11 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS6AI score0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:41 p.m.19 views

CVE-2026-59096

Dapr Sentry’s OIDC discovery endpoint can be poisoned: the issuer and jwks_uri in /.well-known/openid-configuration are derived from the request Host via an attacker-controlled X-Forwarded-Host when oidc-allowed-hosts is not configured, and the document is cached for one hour. This allows remote ...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 12:16 a.m.8 views

CVE-2026-55791

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55297

Name of the Vulnerable Software and Affected Versions Dapr affected versions not specified Description Dapr Sentry's OIDC discovery endpoint /.well-known/openid-configuration derives the issuer and jwks uri from the request Host. When no allowed-hosts list is configured, the system honors an...

8.2CVSS6AI score0.00246EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 11:13 p.m.40 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:13 p.m.35 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 11:13 p.m.4 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS5.9AI score0.0033EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 3:17 p.m.11 views

CVE-2026-58399

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...

8.7CVSS0.00543EPSS
Exploits0References3
Rows per page
Query Builder