Lucene search
+L

113 matches found

Cvelist
Cvelist
added 2026/05/26 9:54 p.m.47 views

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS0.01438EPSS
Exploits2References7
OSV
OSV
added 2026/05/26 9:54 p.m.4 views

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS6.4AI score0.01438EPSS
Exploits2References23
AlpineLinux
AlpineLinux
added 2026/05/26 9:54 p.m.19 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.17 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References5
EUVD
EUVD
added 2026/04/29 8:26 a.m.6 views

EUVD-2026-26201

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/28 6:15 a.m.7 views

EUVD-2026-26001

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

7.5CVSS5.2AI score0.00428EPSS
Exploits0References5
OSV
OSV
added 2026/04/28 6:15 a.m.2 views

CVE-2026-7234 BrowserOperator browser-operator-core server.js startsWith path traversal

A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/componentserver/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...

6.9CVSS6.7AI score0.00428EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.8 views

SUSE CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.6 views

CVE-2026-4267

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$SERVER'REQUESTURI'’ parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/30 10:54 a.m.11 views

CVE-2026-34475

A flaw was found in Varnish Cache and Varnish Enterprise. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 requests with a path of / in the URL. This mishandling of URLs, specifically in unchecked req.url scenarios, could lead to cache poisoning, where an...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 8:16 p.m.12 views

UBUNTU-CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass...

9.8CVSS5.8AI score0.00202EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 11:18 a.m.6 views

CVE-2026-33131

H3 is a minimal HTTP framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofing vulnerability in the NodeRequestUrl which extends FastURL which allows middleware bypass. When event.url, event.url.hostname, or event.url.url is accessed, such as in a logging middleware, the url...

9.1CVSS0.00388EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/18 4:18 p.m.8 views

h3 has a middleware bypass with one gadget

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

9.1CVSS5.9AI score0.00388EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/18 4:18 p.m.3 views

GHSA-3VJ8-JMXQ-CGJ5 h3 has a middleware bypass with one gadget

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

7.4CVSS5.9AI score0.00388EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.8 views

PT-2026-26194

H3 NodeRequestUrl bugs Vulnerable pieces of code : js import H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler from "h3"; let app = new H3 const internalOnly = defineHandlerevent, next = const token = event.headers.get"x-internal-key"; if token !==...

9.1CVSS5.9AI score0.00388EPSS
Exploits1References6
Veracode
Veracode
added 2025/12/08 10:15 a.m.13 views

Server-Side Request Forgery (SSRF)

@angular/ssr is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server to...

8.7CVSS7AI score0.00406EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2025/10/16 7:42 p.m.10 views

Server-side Request Forgery (SSRF)

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createRequestUrl function. An attacker can cause the server to make arbitrary HTTP requests to external domains by supplying a...

8.7CVSS7.1AI score0.00406EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2001-1488

Malware in sbrugna...

5CVSS6.4AI score0.01321EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-26159

Malware in sbrugna...

7.2CVSS5.1AI score0.01053EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-7150

Malware in sbrugna...

5CVSS6.3AI score0.01158EPSS
Exploits0References3
Rows per page
Query Builder