Flask-AppBuilder open redirect vulnerability using HTTP host injection
Impact: Flask-AppBuilder prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches: Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS configuration variable, which allows administrators to explicit...
CVE-2025-32962 Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS...
CVE-2025-40631
HTTP host header injection vulnerability in IceWarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...
CVE-2025-40631 HTTP host header injection vulnerability in IceWarp Mail Server
HTTP host header injection vulnerability in IceWarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...
PT-2025-21634 · IceWarp · IceWarp Mail Server
Name of the Vulnerable Software and Affected Versions: IceWarp Mail Server version 11.4.0. Description: The issue allows for HTTP host header injection, enabling the execution of arbitrary JavaScript code on page load when a user interacts with a malicious link. This is achieved by modifying the Ho...
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder prior to 4.6.2 would allow a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...
CVE-2025-27913
CVE-2025-27913 concerns Passbolt API prior to version 5. The description in multiple sources states that a server misconfiguration during installation (and disregard of Health Check results) allows emails to be sent with a domain name taken from an attacker-controlled HTTP Host header. The CVSS d...
CVE-2025-27913
Passbolt API before 5, if the server is misconfigured through an incorrect installation process and disregard of Health Check results, can send email messages with a domain name taken from an attacker-controlled HTTP Host header...
CVE-2025-0178
Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious...
CVE-2025-0178
The CVE-2025-0178 issue affects WatchGuard Fireware OS Web UI, where improper input validation allows manipulation of the HTTP Host header. The vulnerability could enable redirection to malicious sites, web cache poisoning, or injection of malicious JavaScript into responses. Affected range is Fi...
BIT-SUPERSET-2023-42502 Apache Superset: Open Redirect Vulnerability
An authenticated attacker with the "update datasets" permission could change a dataset link to an untrusted site by spoofing the HTTP Host header; users could then be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0...
Couchbase < 7.2.6 / 7.6.x < 7.6.2 HTTP Host Header Injection
The version of Couchbase installed on the remote host is before 7.2.6, or 7.6.x before 7.6.2. It is, therefore, affected by an HTTP Host header injection. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2024-30129
The HTTP Host header can be manipulated to cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...
CVE-2024-30129
CVE-2024-30129 affects HCL Nomad Server on Domino. The vulnerability is a host header injection: manipulating the HTTP Host header can redirect or route requests to a different domain/IP and alter behavior. The CVSS v3.1 base score is 5.3 (Medium), with impact primarily on confidentiality as Low ...
CVE-2024-25673
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...
CVE-2024-25673
CVE-2024-25673 affects Couchbase Server and enables HTTP Host header injection in affected branches: Couchbase Server 7.6.x prior to 7.6.2 and 7.2.x prior to 7.2.6 (and earlier versions). The vulnerability is due to improper handling of the Host header in HTTP requests. Observed impact per source...
Couchbase Server injection vulnerability
Couchbase Server is a distributed open-source NoSQL non-relational database from the US company Couchbase Inc. It supports features such as data query, full-text search and active global replication. A security vulnerability exists in Couchbase Server 7.6.x in versions prior to 7.6.2 and...
CVE-2024-42547
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function...