5 matches found
CVE-2026-34198 Coolify: Password reset link poisoning via X-Forwarded-Host header spoofing
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...
phpBB 授权问题漏洞
phpBB is a set of web forum software developed by Ariefibis. Versions prior to phpBB 3.3.16 had authorization-related vulnerabilities. This vulnerability stemmed from host header injection, which could lead to malicious password reset links. When forceservervars is disabled, the server’s hostname...
EUVD-2021-1945
Malware in sbrugna...
PT-2023-21531 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions prior to 7.71 Description: The issue is related to an Authentication Bypass by Spoofing vulnerability in the password reset process. This allows an unauthenticated attacker to initiate a password reset process for any use...
Weak Password Recovery Mechanism for Forgotten Password
Akaunting version 2.1.12 and earlier suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in version 2.1.13 of the product. Please...