CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

387 matches found

ExponentCMS <= 2.6 - Host Header Injection

An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS = 2.6 - Host Header Injection author:...

4.3CVSS5.6AI score0.08314EPSS

Exploits1References5

RedhatCVE•added yesterday•4 views

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

6.5CVSS5.5AI score0.00032EPSS

Exploits0References1

RedHat Linux•added 2026/04/30 1:58 p.m.•5 views

tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

9.1CVSS7AI score0.00051EPSS

Exploits0References5

EUVD•added 2026/04/14 10:32 p.m.•1 views

EUVD-2026-22811

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTPHOST in Message-ID email header...

7.2CVSS5.8AI score0.00064EPSS

Exploits1References2

RedhatCVE•added 2026/02/27 10:14 a.m.•3 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS6AI score0.00056EPSS

Exploits0References1

OSV•added 2026/02/26 8:16 a.m.•3 views

CVE-2026-1698

6.1CVSS5.8AI score

Exploits0References1

RedhatCVE•added 2026/01/09 11:23 a.m.•7 views

CVE-2021-31702

Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS...

7.5CVSS7AI score0.00334EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:32 a.m.•4 views

CVE-2019-16532

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...

6.1CVSS7.2AI score0.00471EPSS

Exploits1References1

OSV•added 2025/12/19 9:15 p.m.•3 views

CVE-2023-53958

LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account...

8.6CVSS5.8AI score0.0004EPSS

Exploits0References3