484 matches found

Github Security Blog
added 2025/05/16 5:28 p.m. · 12 views

Flask-AppBuilder open redirect vulnerability using HTTP host injection

Impact: Flask-AppBuilder prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches: Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS configuration variable, which allows administrators to explicit...

CVSS 6.1 · AI score 6.8 · EPSS 0.00191
Exploits 0 · References 4 · Affected Software 1
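The fix described above is an allow-list of hosts the application is willing to redirect to. As an added example (not Flask-AppBuilder's own code), here is the pattern in working form: a redirect target built from the client's Host header, next to a hardened version that only ever uses a host from an explicit allow-list, which is the idea behind a setting such as FAB_SAFE_REDIRECT_HOSTS. The same check applies wherever a server builds an absolute URL from the request (redirect targets, links in password-reset mail). The host names, the allow-list and the function names are illustrative assumptions.

```python
import re
from typing import Optional, Set
from urllib.parse import urlsplit

# Assumption for the example: the names this deployment is actually served under.
# Anything else in the Host header is treated as untrusted.
ALLOWED_HOSTS: Set[str] = {"app.example.com", "app.example.com:8443"}
FALLBACK_HOST = "app.example.com"

_HOST_RE = re.compile(r"[a-z0-9.-]+")


def redirect_url_vulnerable(host_header: str, path: str) -> str:
    """Vulnerable shape: the absolute URL is built from whatever Host the client
    sent, so a crafted request (or a crafted link through a proxy that passes
    Host through) lands the victim on an attacker-chosen host."""
    return f"https://{host_header}{path}"


def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Return a canonical 'host' or 'host:port' string, or None if the header is
    empty, smuggles userinfo/path/query/fragment, or is otherwise malformed."""
    if not host_header:
        return None
    try:
        parts = urlsplit("//" + host_header)
        port = parts.port          # raises ValueError on a non-numeric port
        hostname = parts.hostname  # already lower-cased by urlsplit
    except ValueError:
        return None
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None  # e.g. "evil.example@app.example.com" or "app.example.com/x"
    if not hostname:
        return None
    hostname = hostname.rstrip(".")
    if ":" in hostname:            # IPv6 literal, keep the brackets
        hostname = f"[{hostname}]"
    elif not _HOST_RE.fullmatch(hostname):
        return None
    return f"{hostname}:{port}" if port is not None else hostname


def safe_redirect_url(host_header: Optional[str], path: str,
                      allowed_hosts: Set[str] = ALLOWED_HOSTS,
                      fallback: str = FALLBACK_HOST) -> str:
    """Hardened shape: the host must be on the allow-list, otherwise the
    configured fallback is used; the path must be a plain relative path so
    that '//evil.example' or '/\\evil.example' cannot turn the result into a
    scheme-relative URL pointing elsewhere."""
    host = normalize_host(host_header)
    if host is None or host not in allowed_hosts:
        host = fallback
    if not path.startswith("/") or path[1:2] in ("/", "\\"):
        path = "/"
    return f"https://{host}{path}"


if __name__ == "__main__":
    print(redirect_url_vulnerable("evil.example", "/login"))   # attacker wins
    print(safe_redirect_url("evil.example", "/login"))          # falls back
    print(safe_redirect_url("APP.example.com.", "/dashboard"))  # normalized, allowed
    print(normalize_host("evil.example@app.example.com"))       # None: userinfo smuggling
```

The normalization step matters as much as the allow-list: comparing the raw header string would let `APP.example.com.` or `evil.example@app.example.com` slip past an exact-match check in one direction or the other.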
Cvelist
added 2025/05/16 1:51 p.m. · 17 views

CVE-2025-32962 Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS...

CVSS 4.3 · EPSS 0.00191
Exploits 0 · References 2
Vulnrichment
added 2025/05/16 1:51 p.m. · 12 views

CVE-2025-32962 Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS...

CVSS 4.3 · AI score 7.2 · EPSS 0.00191
Exploits 0 · References 2
NVD
added 2025/05/16 11:15 a.m. · 13 views

CVE-2025-40631

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...

CVSS 6.1 · EPSS 0.00183
Exploits 0 · References 1
Cvelist
added 2025/05/16 11:09 a.m. · 12 views

CVE-2025-40631 HTTP host header injection vulnerability in IceWarp Mail Server

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...

CVSS 2 · EPSS 0.00183
Exploits 0 · References 1
Positive Technologies
added 2025/05/16 12:00 a.m. · 8 views

PT-2025-21634 · Icewarp · Icewarp Mail Server

Name of the vulnerable software and affected versions: IceWarp Mail Server version 11.4.0. Description: The issue allows HTTP Host header injection, enabling the execution of arbitrary JavaScript code on page load when a user interacts with a malicious link. This is achieved by modifying the Ho...

CVSS 2 · AI score 6.8 · EPSS 0.00183
Exploits 0 · References 5
GitLab Advisory Database
added 2025/05/16 12:00 a.m. · 17 views

Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...

CVSS 6.1 · AI score 6.8 · EPSS 0.00191
Exploits 0 · References 5 · Affected Software 1
CVE
added 2025/03/10 12:00 a.m. · 94 views

CVE-2025-27913

CVE-2025-27913 concerns Passbolt API prior to version 5. The description in multiple sources states that a server misconfiguration during installation (and disregard of Health Check results) allows emails to be sent with a domain name taken from an attacker-controlled HTTP Host header. The CVSS d...

CVSS 7.5 · AI score 7.2 · EPSS 0.00172
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/03/10 12:00 a.m. · 21 views

CVE-2025-27913

Passbolt API before 5, if the server is misconfigured through an incorrect installation process and Health Check results are disregarded, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...

CVSS 2.1 · EPSS 0.00172
Exploits 0 · References 1
RedhatCVE
added 2025/02/16 2:18 p.m. · 8 views

CVE-2025-0178

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...

CVSS 5.1 · AI score 6.7 · EPSS 0.00215
Exploits 0 · References 1
NVD
added 2025/02/14 2:15 p.m. · 13 views

CVE-2025-0178

Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...

CVSS 6.1 · EPSS 0.00215
Exploits 0 · References 1
CVE
added 2025/02/14 1:22 p.m. · 74 views

CVE-2025-0178

The CVE-2025-0178 issue affects WatchGuard Fireware OS Web UI, where improper input validation allows manipulation of the HTTP Host header. The vulnerability could enable redirection to malicious sites, web cache poisoning, or injection of malicious JavaScript into responses. Affected range is Fi...

CVSS 6.1 · AI score 6.8 · EPSS 0.00215
Exploits 0 · References 1 · Affected Software 1
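The WatchGuard, IceWarp and Flask-AppBuilder entries above all describe one mechanism: a Host value the server copied into a redirect, a cached response or page markup. As an added example (not code from any of these vendors or advisories), here is a local harness that stands up a deliberately vulnerable endpoint and a hardened one, plus the probe a tester would run against a deployment: send a request with a canary Host and check whether the canary comes back in the Location header or the body. The host names, paths and the canary value are constructed for the example.

```python
import http.client
import http.server
import threading
from typing import Dict, Type

# Assumptions for the example: the names the hardened server is configured to
# answer for, and the one it uses whenever it must build an absolute URL.
ALLOWED_HOSTS = {"app.example.com", "app.example.com:8443"}
CANONICAL_HOST = "app.example.com"


class VulnerableHandler(http.server.BaseHTTPRequestHandler):
    """Copies the request's Host header into a redirect and into the page body,
    the pattern behind the open-redirect, cache-poisoning and script-injection
    outcomes listed in the advisories."""

    def _respond(self, host: str) -> None:
        body = f'<a href="https://{host}/reset">reset your password</a>'.encode()
        self.send_response(302)
        self.send_header("Location", f"https://{host}/login")
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self) -> None:
        # Vulnerable: whatever the client put in Host ends up in the response.
        self._respond(self.headers.get("Host", ""))

    def log_message(self, format: str, *args) -> None:  # keep the harness quiet
        pass


class HardenedHandler(VulnerableHandler):
    """Rejects a Host that is not on the allow-list and never echoes it back."""

    def do_GET(self) -> None:
        if self.headers.get("Host", "").lower() not in ALLOWED_HOSTS:
            self.send_error(400, "Bad Host header")
            return
        self._respond(CANONICAL_HOST)


def start_server(handler: Type[http.server.BaseHTTPRequestHandler]) -> http.server.HTTPServer:
    """Bind to an ephemeral loopback port and serve in a background thread."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe_host_reflection(port: int, path: str = "/login",
                          canary: str = "canary.attacker.example") -> Dict[str, object]:
    """Send one request with a forged Host header and report where the canary
    came back. A reflected Location is an open-redirect / reset-link poisoning
    candidate; a reflected body is a cache-poisoning or script-injection
    candidate when the page is cached or the value lands in markup unescaped."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", path, skip_host=True)  # we supply Host ourselves
    conn.putheader("Host", canary)
    conn.endheaders()
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", errors="replace")
    location = resp.getheader("Location") or ""
    conn.close()
    return {
        "status": resp.status,
        "location_reflects_host": canary in location,
        "body_reflects_host": canary in body,
    }


def run_probe(handler: Type[http.server.BaseHTTPRequestHandler]) -> Dict[str, object]:
    """Start the given handler, probe it once, tear it down."""
    srv = start_server(handler)
    try:
        return probe_host_reflection(srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("vulnerable:", run_probe(VulnerableHandler))
    print("hardened:  ", run_probe(HardenedHandler))
```

Against a real target, point `probe_host_reflection` at the host and path under test and repeat with variants: a canary carrying a port suffix, an absolute URL in the request line, and the same canary in `X-Forwarded-Host`, since some stacks build URLs from the forwarded header rather than from Host.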
OSV
added 2025/02/05 7:27 a.m. · 7 views

BIT-SUPERSET-2023-42502 Apache Superset: Open Redirect Vulnerability

An authenticated attacker with the update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could be redirected to that site when clicking on the specific dataset. This issue affects Apache Superset versions before 3.0.0...

CVSS 5.4 · AI score 5.1 · EPSS 0.00823
Exploits 0 · References 2
Tenable Nessus
added 2024/12/30 12:00 a.m. · 12 views

Couchbase < 7.2.6 / 7.6.x < 7.6.2 HTTP Host Header Injection

The version of Couchbase installed on the remote host is before 7.2.6, or 7.6.x before 7.6.2. It is, therefore, affected by an HTTP Host header injection. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 6.1 · AI score 5.5 · EPSS 0.00318
Exploits 0 · References 4
NVD
added 2024/12/06 4:15 p.m. · 20 views

CVE-2024-30129

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...

CVSS 5.3 · EPSS 0.00301
Exploits 0 · References 1
CVE
added 2024/12/06 3:57 p.m. · 58 views

CVE-2024-30129

CVE-2024-30129 affects HCL Nomad Server on Domino. The vulnerability is a host header injection: manipulating the HTTP Host header can redirect or route requests to a different domain/IP and alter behavior. The CVSS v3.1 base score is 5.3 (Medium), with impact primarily on confidentiality as Low ...

CVSS 5.3 · AI score 5.3 · EPSS 0.00301
Exploits 0 · References 1
NVD
added 2024/09/19 7:15 p.m. · 35 views

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...

CVSS 6.1 · EPSS 0.00318
Exploits 0 · References 3
CVE
added 2024/09/19 12:00 a.m. · 60 views

CVE-2024-25673

CVE-2024-25673 affects Couchbase Server and enables HTTP Host header injection in affected branches: Couchbase Server 7.6.x prior to 7.6.2 and 7.2.x prior to 7.2.6 (and earlier versions). The vulnerability is due to improper handling of the Host header in HTTP requests. Observed impact per source...

CVSS 6.1 · AI score 7.6 · EPSS 0.00318
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/09/19 12:00 a.m. · 6 views

Couchbase Server injection vulnerability

Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase Inc. in the United States. It supports features such as data query, full-text search and active global replication. A security vulnerability exists in Couchbase Server 7.6.x in versions prior to 7.6.2 and...

CVSS 6.1 · AI score 6.7 · EPSS 0.00318
Exploits 0 · References 5
OSV
added 2024/08/12 7:15 p.m. · 3 views

CVE-2024-42547

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function...

CVSS 9.8 · AI score 6.1 · EPSS 0.00629
Exploits 1 · References 1