Lucene search
K

3509 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50734

Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 0.16.0 through 2.0.9 http-proxy-middleware versions 3.0.0 through 3.0.5 http-proxy-middleware versions 4.0.0 through 4.0.9 Description An issue exists in the router proxy-table implementation where host+path...

8.6CVSS5.9AI score0.0034EPSS
Exploits1References5
NVD
NVD
added 2026/06/17 10:16 p.m.16 views

CVE-2026-50194

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:3 p.m.24 views

CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:3 p.m.33 views

CVE-2026-50194

Steeltoe CVE-2026-50194 affects management endpoints when configured to listen on an alternate port. Versions 3.2.2–3.3.0 and 4.1.0 use the Host header to gate access instead of the socket port, enabling port-isolation bypass. Patches are in 3.4.0 and 4.2.0. If upgrading isn’t possible, apply exp...

8.2CVSS5.4AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 8:17 p.m.5 views

DEBIAN-CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.4AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 8:17 p.m.10 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 7:13 p.m.18 views

CVE-2026-55202

Tinyproxy (up to version 1.11.3) contains a vulnerability in stathost detection where the Host header is not properly validated. This allows unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation, potentially misrouting req...

8.8CVSS5.4AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 7:13 p.m.21 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 7:13 p.m.13 views

EUVD-2026-37786

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 7:13 p.m.8 views

CVE-2026-55202

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.4AI score0.00335EPSS
Exploits0
OSV
OSV
added 2026/06/17 6:57 p.m.6 views

DRUPAL-CORE-2026-007

Drupal core ships a rebuild.php front controller that can be used to rebuild Drupal clearing the caches and rebuilding the container when the site is in an unexpected condition. This script doesn't correctly check the Host header against the list of trusted host patterns. This could result in cac...

5.3AI score
Exploits0References1
Veracode
Veracode
added 2026/06/17 5:30 p.m.24 views

Server-Side Request Forgery (SSRF)

Astro is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to deriving the error-page fetch URL from the unvalidated Host header during runtime error handling, which allows an attacker to redirect server-side requests to arbitrary hosts and read the resulting responses...

7.5CVSS6AI score0.00196EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/17 5:16 p.m.13 views

CVE-2025-32748

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

6.1CVSS0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 3:17 p.m.22 views

CVE-2025-32748

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

4.3CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 3:17 p.m.8 views

CVE-2025-32748

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

4.3CVSS6AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:17 p.m.9 views

EUVD-2025-210272

Dell PowerFlex rack, versions RCM 3.7/3.7, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

4.3CVSS5.5AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 3:17 p.m.13 views

CVE-2025-32748

Dell PowerFlex rack (RCM 3.7/3.7) contains a Host Header Injection vulnerability that allows an unauthenticated, remotely accessible attacker to trigger redirections. CVSS v3.1 base score 4.3 (MEDIUM) with Network attack vector, Low complexity, No privileges required, User interaction required. N...

6.1CVSS6AI score0.00171EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2026-10839

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.9 views

CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising...

5.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2026-10837

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause the victim to be redirected to domains controlled by the attacker, enabling phishing or deception attacks with limited...

5.1CVSS0.00315EPSS
Exploits0References1
Rows per page
Query Builder