15 matches found
CVE-2026-47220
A flaw was found in Envoy. A remote attacker can exploit this vulnerability by sending a request with a missing host header when `%REQUESTED_SERVER_NAME(X:Y)%` is used in the log format and host-related options, such as `HOST_FIRST` or `SNI_FIRST`, are specified. This can lead to a crash of the Envoy...
PT-2026-29163
Summary: The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network...
Origin Validation Error
Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Origin Validation Error in the REST/WebUI FastAPI application due to the lack of host header validation and the absence of an allowlist for trusted hosts. An attacker can gain...
glances Security Vulnerability
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of application-level host permission checks in REST/WebUI applications. This could lead to DNS redirection attacks,...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1044)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. Th...
CVE-2025-10966 missing SFTP host verification with wolfSSH
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
CVE-2025-10966
CVE-2025-10966 affects curl by a flaw in its SSH connection handling when SFTP uses the wolfSSH backend, causing missed host verification and allowing MITM-like issues. The connected Nessus advisories for EulerOS, Unity Linux, Photon OS, and related OS advisories repeatedly reference this CVE as ...
SUSE CVE-2015-2296
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect...
PT-2024-11072 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A resource leak has been identified in the Linux kernel, specifically in the remove function of the mmc: uniphier-sd module. The issue arises from a missing tmio_mmc_host_free call in...
Missing HOST SPN can cause workstation trust relationship error
A user or admin is unable to log in to a computer remotely using a domain account and sees this error: "The security database on the server does not have a computer account for this workstation trust relationship."...
ALPINE-CVE-2017-9468
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash...
UBUNTU-CVE-2017-9468
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash...
Monkey HTTP Daemon 0.x - Missing Host Field Denial of Service
source: https://www.securityfocus.com/bid/9642/info. Monkey HTTP Daemon is prone to denial of service attacks. HTTP GET requests, which do not include a 'Host' header field, will trigger this condition. The server will need to be...
Monkey HTTP Daemon 0.x - Missing Host Field Denial of Service
source: https://www.securityfocus.com/bid/9642/info. Monkey HTTP Daemon is prone to denial of service attacks. HTTP GET requests, which do not include a 'Host' header field, will trigger this condition. The server will need to be restarted to regain normal functionality...