113 matches found
CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
CVE-2026-48710
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
CVE-2026-48710
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...
EUVD-2026-26201
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...
EUVD-2026-26001
A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...
CVE-2026-7234 BrowserOperator browser-operator-core server.js startsWith path traversal
A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...
SUSE CVE-2026-34475
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...
CVE-2026-4267
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-34475
A flaw was found in Varnish Cache and Varnish Enterprise. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 requests with a path of / in the URL. This mishandling of URLs, specifically in unchecked req.url scenarios, could lead to cache poisoning, where an...
UBUNTU-CVE-2026-34475
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...
CVE-2026-33131
H3 is a minimal HTTP framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofing vulnerability in the NodeRequestUrl which extends FastURL which allows middleware bypass. When event.url, event.url.hostname, or event.url.url is accessed, such as in a logging middleware, the url...
h3 has a middleware bypass with one gadget
H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...
GHSA-3VJ8-JMXQ-CGJ5 h3 has a middleware bypass with one gadget
H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...
PT-2026-26194
H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...
Server-Side Request Forgery (SSRF)
@angular/ssr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...
Server-side Request Forgery (SSRF)
Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...
EUVD-2001-1488
Malware in sbrugna...
EUVD-2020-26159
Malware in sbrugna...
EUVD-2008-7150
Malware in sbrugna...