3604 matches found
PT-2026-53920
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The local API server trusts the TCP peer address to bypass the API AUTH KEY bearer-token check for loopback clients and lacks Host header validation while binding to 0.0.0.0 with credentialed...
PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection
Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...
EUVD-2026-36602
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection...
GHSA-9RC6-8CJV-RCVX Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
Description The getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero validation of the Host header: go func getRedirectURLc gin.Context string scheme := "http://" referer := c.Request.Referer if...
CVE-2026-47220
A flaw was found in Envoy. A remote attacker can exploit this vulnerability by sending a request with a missing host header when the %REQUESTEDSERVERNAMEX:Y% is used in the log format and host-related options, such as HOSTFIRST or SNIFIRST, are specified. This can lead to a crash of the Envoy...
CVE-2026-47220
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...
CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...
CVE-2026-47220
The CVE describes a crash in Envoy when using %REQUESTED_SERVER_NAME(X:Y)% in log format with host-related options (e.g., HOST_FIRST, SNI_FIRST) and the specified host header is missing in the request headers. Affected versions are 1.37.0 through 1.37.5 and 1.38.3. The vulnerability arises from t...
CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...
CVE-2026-47220 Envoy: Segmentation fault when using %REQUESTED_SERVER_NAME% in log format
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...
PT-2026-52894
Name of the Vulnerable Software and Affected Versions Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy can crash when the %REQUESTED SERVER NAMEX:Y% variable is used in the log format and host-related options such as HOST FIRST or SNI FIRST are specified...
SUSE SLES16 Security Update : python-aiohttp (SUSE-SU-2026:22173-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22173-1 advisory. This update for python-aiohttp fixes the following issues - CVE-2026-22815: insufficient header/trailer handling can cause a denia...
CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...
CVE-2026-46611
Glances XML-RPC server (glances/server.py) before 4.5.5 does not validate the HTTP Host header, enabling DNS rebinding attacks to exfiltrate the victim’s monitoring data. The vulnerability affects the XML-RPC backend used by glances -s (XML-RPC path /RPC2) and allows an attacker to cause the brow...
CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...
CVE-2026-55602
A flaw was found in http-proxy-middleware before 2.0.10, 3.0.6, and 4.1.0. Router proxy-table host+path matching uses unanchored substring comparison on the Host header, so a crafted Host value that superstring-matches a configured key can route requests to an unintended backend...
CVE-2026-13150
Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...
CVE-2026-13150
Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...
CVE-2026-13150 SSRF in Pentestify PDF generation endpoint via Host header
Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...
EUVD-2026-38735
Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...