EUVD-2025-206233

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header of the request to a malicious value. The victim will...

EUVD-2022-5496

Malicious code in bioql PyPI...

GHSA-2WMJ-46RJ-QM2W ZITADEL Account Takeover via Malicious Host Header Injection

Impact ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code c...

ZITADEL Account Takeover via Malicious Host Header Injection

Impact ZITADEL uses the notification triggering requests Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicious site in the email, the secret code c...

Open Redirection

rails is vulnerable to open redirection. Inadequate validation and regex matching of URLs allows an attacker to bypass validation checks using a malicious Host header and redirect users to a malicious website...

Hardcoded credentials

A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate...

CVE-2017-12632

A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate...