3849 matches found
CVE-2026-6790
In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...
EUVD-2026-43646
In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...
Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...
WordPress <= 6.2 - Server Side Request Forgery
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. id: CVE-2022-3590 info: name: WordPress = 6.2 - Server Side...
EUVD-2026-43499
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...
Malicious code in sixseven8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec482cba13f20090fc306d9a8c732ec4edbc8bb9326324f7dedfb544ad0d9a11 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in testdonotredeemit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9f9461b13f64b90e569dcc6354708559128c23f4e47e4ac5842b46ce0fb6ed2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in abuden1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366c27a7f56562405e9af37dcb6a78fa8f535af50e9ecd68ec559fbb1f80f5d7 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in backup5-updated (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fbc0dc5fea4212458853e895b9b9df474401727a4768f47e3016a8c871fd5c7 The package tarball contains multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote,...
CVE-2026-59996
A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...
CVE-2026-55641
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...
CVE-2026-54919 cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...
CVE-2026-54919
cpp-httplib on Mbed TLS and wolfSSL backends was vulnerable to a TLS certificate chain verification bypass for IP-literal hosts (affecting v0.31.0–0.46.1) when server verification was enabled; SSLClient/Client could skip chain validation and Mbed TLS WebSocketClient could skip verification. The i...
CVE-2026-55590
CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...
CVE-2026-55590
The CVE-2026-55590 entry concerns the CakePHP Authentication plugin (CakePHP, PSR-7 compatible) with a backslash bypass in getLoginRedirect() that enables open redirects to attacker-controlled hostnames through the redirect query parameter. Affected versions: prior to 2.11.1, 3.3.6, and 4.1.1. Th...
CVE-2026-60092
AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...
CVE-2026-59707 LocalAI - Server-Side Request Forgery via POST /models/apply
LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper...
GO-2026-5924 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps in github.com/coder/coder
Coder's session token leaked to arbitrary hosts via coder open app for external workspace apps in github.com/coder/coder...
Malicious code in load-nuxt-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf0f879297070c07197ace88cfb411c61d497ad150e39c2c5c91349737f5d83a The package name resembles the legitimate Nuxt ecosystem tooling e.g., @nuxt/load-nuxt, and the version 99.0.3 is a common dependency-confusion /...