13 matches found

Positive Technologies
added 2026/06/02 12:00 a.m., 14 views

PT-2026-45831

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

AI score 5.8, EPSS 0.00332
Exploits: 0, References: 3
RubySec
added 2026/05/08 12:00 a.m., 6 views

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Summary: When the Timeoutable module is enabled in Devise, the FailureApp#redirect_url method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

CVSS 6.1, AI score 6, EPSS 0.00318
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/04/09 12:00 a.m., 6 views

Apollo MCP Server Access Control Error Vulnerability

The Apollo MCP Server is an open-source service from Apollo GraphQL that exposes GraphQL operations as AI tools. Versions of the Apollo MCP Server prior to 1.7.0 contained an access control vulnerability. This vulnerability stemmed from the lack of validation of the Host header in incoming HTTP...

CVSS 8.1, AI score 5.8, EPSS 0.00182
Exploits: 0, References: 4
OSV
added 2026/04/03 9:43 p.m., 5 views

GHSA-CXJ8-GGF2-P57C Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow

Summary: SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect_uri. Because the redirectUri configuration is silently unset by default, an attacker can spoof the Host header to steal OAuth...

CVSS 6.1, AI score 6, EPSS 0.00112
Exploits: 1, References: 4
OSV
added 2026/03/13 9:12 p.m., 3 views

CVE-2026-32616 Pigeon has a Host Header Injection in email verification flow

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

CVSS 8.2, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 4
Cvelist
added 2026/03/06 6:57 a.m., 32 views

CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.3, EPSS 0.02359
Exploits: 1, References: 4
NVD
added 2025/11/18 11:15 p.m., 3 views

CVE-2025-62406

Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's...

CVSS 8.8, EPSS 0.00342
Exploits: 1, References: 2
OSV
added 2025/10/30 5:39 p.m., 4 views

CVE-2025-64115 Movary unvalidated Referer header allows open redirect and phishing

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...

CVSS 5.1, AI score 6.7, EPSS 0.00207
Exploits: 1, References: 5
OSV
added 2025/06/24 3:15 a.m., 4 views

DEBIAN-CVE-2025-52560

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the unvalidated Host header when the application_url configuration is unset (the default behavior). This allows an attacker to...

CVSS 8.8, AI score 5.3, EPSS 0.00454
Exploits: 1, References: 1
RedHat Linux
added 2025/05/06 7:58 a.m., 4 views

thunderbird: Leak of hashed Windows credentials via crafted attachment URL

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to...

CVSS 6.3, AI score 6.6, EPSS 0.00226
Exploits: 0, References: 7
CNNVD
added 2025/04/23 12:00 a.m., 4 views

Arista NG Firewall Cross-Site Scripting Vulnerability

Arista NG Firewall is a web firewall from Arista Corporation. A cross-site scripting vulnerability exists in Arista NG Firewall; it stems from user-supplied data not being validated when the User-Agent HTTP header is processed, and could lead to cross-site scripting and remote code execution...

CVSS 9.6, AI score 8.5, EPSS 0.00502
Exploits: 0, References: 1
Tenable Nessus
added 2024/06/03 12:00 a.m., 14 views

RHEL 6 : openstack-swift-plugin-swift3 (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-swift-plugin3: replay attack - date/date header unvalidated (CVE-2015-8466). Note that Nessus has not tested...

CVSS 7.4, AI score 7.5, EPSS 0.02013
Exploits: 0, References: 1
CNNVD
added 2022/08/15 12:00 a.m., 2 views

cling Code Issue Vulnerability

cling is a UPnP/DLNA library for Java and Android. A code issue exists in 4thline cling versions 2.0.0 through 2.1.2: a denial-of-service vulnerability that stems from not validating the CALLBACK parameter in the header...

CVSS 7.5, AI score 6.7, EPSS 0.00969
Exploits: 4, References: 3