Lucene search
K

389 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:5 a.m.5 views

CVE-2022-25355

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...

5.3CVSS7AI score0.01138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.6 views

CVE-2021-25179

SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting XSS via the HTTP Host header...

6.1CVSS6.2AI score0.01393EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.7 views

CVE-2021-43106

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online TWO 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the...

6.1CVSS7.1AI score0.00672EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:10 p.m.8 views

CVE-2021-38751

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

4.3CVSS6.9AI score0.02468EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:6 p.m.8 views

CVE-2021-20101

Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated host headers. This could cause a victim to receive malformed content...

6.1CVSS7AI score0.00722EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 p.m.6 views

CVE-2020-26161

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...

6.1CVSS6.7AI score0.0106EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:46 p.m.10 views

CVE-2020-10792

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

7.5CVSS7AI score0.01895EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.9 views

CVE-2020-28031

eramba through c2.8.1 allows HTTP Host header injection with for example resultant wkhtml2pdf PDF printing by authenticated users...

4.3CVSS7.1AI score0.0062EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 12:29 p.m.13 views

CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to 1 gwpoa.exe in the Post Office Agent, 2 gwmta.exe in the Message Transfer Agent, 3 gwia.exe in the Internet Agent, 4 the WebAccess Agent, or 5 th...

10CVSS8.1AI score0.06121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.9 views

CVE-2019-17392

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

9.8CVSS7AI score0.01089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.6 views

CVE-2019-8435

admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header...

4.8CVSS5.9AI score0.00583EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 11:58 p.m.6 views

CVE-2009-0804

Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS7AI score0.02376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 11:56 p.m.7 views

CVE-2009-0803

SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and...

5.4CVSS7.1AI score0.02355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:2 p.m.9 views

CVE-2009-2059

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...

6.8CVSS7.2AI score0.01298EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:2 p.m.10 views

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

5.8CVSS7.2AI score0.03027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:1 p.m.9 views

CVE-2009-1211

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet...

5.8CVSS7.1AI score0.01357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:26 p.m.22 views

CVE-2009-0802

Qbik WinGate, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites,...

5.4CVSS7.1AI score0.02424EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 11:15 a.m.13 views

CVE-2025-40631

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...

6.1CVSS0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 11:9 a.m.12 views

CVE-2025-40631 HTTP host header injection vulnerability in IceWarp Mail Server

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...

2CVSS0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.8 views

PT-2025-21634 · Icewarp · Icewarp Mail Server

Name of the Vulnerable Software and Affected Versions: Icwarp Mail Server version 11.4.0 Description: The issue allows for HTTP host header injection, enabling the execution of arbitrary JavaScript code on page load when a user interacts with a malicious link. This is achieved by modifying the Ho...

2CVSS6.8AI score0.00183EPSS
Exploits0References5
Rows per page
Query Builder