3501 matches found
PT-2026-51324
Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.2 through 7.0.2 Interim Fix 035 IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 004...
Authentication Bypass
LiteLLM is vulnerable to Authentication Bypass. The vulnerability is due to improper Host header parsing during route validation, where the authentication layer derives the effective route from Host-influenced request metadata and may evaluate a different route than the one processed by FastAPI,...
Improper Request Routing
http-proxy-middleware is vulnerable to improper request routing. The vulnerability is due to unanchored substring matching in the host+path router selector logic, where configured host+path entries are matched against attacker-controlled request metadata using partial string comparisons instead o...
Linux Distros Unpatched Vulnerability : CVE-2026-55202
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to...
Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
Overview Craft CMS is vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default permissive trustedHosts configuration, an attacker can poison the Host or X-Forwarded-Host header to manipulate the...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
Summary Vulnerabilities have been identified in Host Header Injection , which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2024-51454 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to HTTP header injection, caused...
CVE-2026-48895
CVE-2026-48895 describes an open redirect in Apache APISIX (affected versions 3.0.0–3.16.0). The issue allows manipulation of certain client headers to redirect to an untrusted site, with potential exposure of session tokens. The advisory recommends upgrading to version 3.17.0, which contains the...
CVE-2026-48895 Apache APISIX: Cas-auth Host header influence on CAS service URL
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...
@acastellon/auth: Authentication bypass via spoofable headers in validateToken()
@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...
GHSA-4JGR-PG2M-M988 Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode
Summary When Heimdall operates in proxy mode, it constructs the Forwarded HTTP header after executing the matched rule pipeline by inserting the incoming request's Host header value directly into the header string without sanitizing commas or semicolons. This allows an attacker to inject addition...
NPM: http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
NPM: http-proxy-middleware router host+path substring matching allows Host-header-driven backend routing bypass vulnerability discovered by ? in WordPress Npm http-proxy-middleware versions = 0.16.0, 2.0.10...
Partial String Comparison
Overview Affected versions of this package are vulnerable to Partial String Comparison via the router component. An attacker can route requests to unintended backend servers by sending crafted HTTP requests with manipulated Host headers. Remediation Upgrade http-proxy-middleware to version 2.0.10...
http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...
GHSA-64MM-VXMG-Q3VJ http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass
Summary http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...
PT-2026-54912
Name of the Vulnerable Software and Affected Versions @acastellon/auth versions prior to 2.3.0 Description An authentication bypass exists in the validateToken middleware. The issue stems from improper trust in spoofable request headers and flawed request flow control, which allows the next...
PT-2026-50734
Name of the Vulnerable Software and Affected Versions http-proxy-middleware versions 0.16.0 through 2.0.9 http-proxy-middleware versions 3.0.0 through 3.0.5 http-proxy-middleware versions 4.0.0 through 4.0.9 Description An issue exists in the router proxy-table implementation where host+path...
CVE-2026-50194
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...
CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...
CVE-2026-50194
Steeltoe CVE-2026-50194 affects management endpoints when configured to listen on an alternate port. Versions 3.2.2–3.3.0 and 4.1.0 use the Host header to gate access instead of the socket port, enabling port-isolation bypass. Patches are in 3.4.0 and 4.2.0. If upgrading isn’t possible, apply exp...
CVE-2026-55202
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...