Lucene search
K

17 matches found

CVE
CVE
added 2026/07/03 5:23 p.m.25 views

CVE-2026-14631

Vulnerability overview: CVE-2026-14631 affects webpack-dev-server up to version 5.2.5. An unauthenticated peer sending a normal HTTP request with a malformed Host header or a WebSocket upgrade to /ws with a malformed Origin header triggers an uncaught exception in the host-validation path, crashi...

5.3CVSS6AI score0.00308EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/03 5:23 p.m.42 views

CVE-2026-14631 webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 12:34 p.m.60 views

CVE-2026-48998

GuzzleHttp/psr7 (PHP) before version 2.10.2 is affected by improper Host header validation when parsing raw HTTP requests or deriving a server request URI from server variables. An attacker can supply a Host header containing URI delimiters (for example [email protected]) that can be r...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/26 10:16 p.m.19 views

UBUNTU-CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References6
CVE
CVE
added 2026/05/26 9:54 p.m.221 views

CVE-2026-48710

Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References21Affected Software1
Debian CVE
Debian CVE
added 2026/05/26 9:54 p.m.14 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/05/05 9:23 a.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.12 (RHSA-2026:3891)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3891 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...

9.6CVSS7.7AI score0.0217EPSS
Exploits1References27
RedHat Linux
RedHat Linux
added 2026/03/05 1:38 p.m.6 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

9.6CVSS5.8AI score0.01179EPSS
Exploits0References4
NVD
NVD
added 2026/02/26 2:16 a.m.9 views

CVE-2026-27959

Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed...

8.2CVSS0.00334EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/01/08 4:53 p.m.12 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.3 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A...

9.6CVSS7.6AI score0.0217EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2026/01/08 4:53 p.m.5 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

9.6CVSS5.8AI score0.01179EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.45 views

openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2000-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.6AI score0.83433EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2019/11/05 9:23 p.m.7 views

golang: malformed hosts in URLs leads to authorization bypass

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

9.8CVSS7.4AI score0.08359EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2009/11/30 3:16 p.m.9 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/11/09 3:37 p.m.6 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.2AI score0.10053EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2004/11/23 12:0 a.m.10 views

squid -- possible information disclosure

The squid-2.5 patches pages notes: In certain conditions Squid returns random data as error messages in response to malformed host name, possibly leaking random internal information which may come from other requests...

0.8AI score
Exploits0References1
Rows per page
Query Builder