Lucene search
K

488 matches found

Nuclei
Nuclei
added yesterday40 views

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

4.3CVSS6.2AI score0.02468EPSS
Exploits1References5
NVD
NVD
added 6 days ago9 views

CVE-2026-15202

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS0.00263EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-15202 YzmCMS Header yzmphp.php get_url cross site scripting

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS0.00263EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42655

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS4.1AI score0.00263EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:37 a.m.4 views

BIT-APPSMITH-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

9.1CVSS5.9AI score0.0022EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.11 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

9.6CVSS5.8AI score0.00312EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.7 views

CVE-2026-48491

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security TLS enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's...

10CVSS5.8AI score0.00245EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.5AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 1:15 p.m.8 views

GHSA-86QP-5C8J-P5MR Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Summary In affected versions, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header could make request.url.path differ from the pa...

6.5CVSS5.9AI score0.01438EPSS
Exploits2References24
NVD
NVD
added 2026/05/04 2:15 a.m.12 views

CVE-2026-7719

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

10CVSS0.00619EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 1:30 a.m.56 views

CVE-2026-7719 Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

10CVSS0.00619EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/04 1:30 a.m.5 views

EUVD-2026-26870

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

10CVSS7.8AI score0.00619EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/30 1:58 p.m.9 views

tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

9.1CVSS7AI score0.00235EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/14 10:32 p.m.5 views

EUVD-2026-22811

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTPHOST in Message-ID email header...

7.2CVSS5.8AI score0.00255EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.7 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS6AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 8:16 a.m.6 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS5.8AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.11 views

CVE-2021-31702

Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS...

7.5CVSS7AI score0.01236EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.10 views

CVE-2019-16532

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...

6.1CVSS7.2AI score0.01221EPSS
Exploits1References1
OSV
OSV
added 2025/12/19 9:5 p.m.6 views

CVE-2023-53958 LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

8.6CVSS6AI score0.00349EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/14 12:1 a.m.4 views

CVE-2025-60699

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...

6.5CVSS8AI score0.00839EPSS
Exploits1References1
Rows per page
Query Builder