33 matches found
CVE-2021-27404
Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow injection of a Host HTTP header...
EUVD-2012-3776
Malware in sbrugna...
EUVD-2021-14159
Malware in sbrugna...
EUVD-2018-10505
Malware in sbrugna...
EUVD-2025-20237
Malicious code in bioql PyPI...
EUVD-2025-20239
Malicious code in bioql PyPI...
CVE-2025-43933
fblog through 983bede allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43932
JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43930
Hashview 0.8.1 allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2012-3829
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header...
CVE-2012-2212
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable...
CVE-2024-32980
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...
SQL injection
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php...
CVE-2018-9934
The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control...
CVE-2016-2560
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...
Concrete CMS: Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1
Concrete5 is affected by a design issue related to the Host HTTP header. Such header is being used to define the base URL for the application. Since the Host header can be arbitrarily manipulated by an attacker, this can have some security impacts...
Ubuntu Update for python-django USN-1632-2
Ubuntu Update for Linux kernel vulnerabilities USN-1632-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN16322.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-django USN-1632-2 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.ne...
Ubuntu Update for python-django USN-1632-1
Ubuntu Update for Linux kernel vulnerabilities USN-1632-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16321.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-django USN-1632-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.ne...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django vulnerability (USN-1632-1)
James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...