Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/06/11 1:4 p.m.4 views

GHSA-34XG-WGJX-8XPH guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00313EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/06/11 1:4 p.m.9 views

guzzlehttp/psr7 has CRLF Injection via URI Host Component

Impact guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString or an equivalent custom serializer. Creating a...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/11 12:38 p.m.17 views

CVE-2026-49214 guzzlehttp/psr7 has CRLF Injection via URI Host Component

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/11 12:34 p.m.5 views

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS5.4AI score0.00313EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/01/03 4:55 p.m.23 views

CVE-2024-21631 Integer overflow in URI leading to potential host spoofing

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

6.5CVSS6.9AI score0.00601EPSS
Exploits0References2
BDU FSTEC
BDU FSTECadded 2016/07/07 12:0 a.m.3 views

The vulnerability of the Firefox browser, which allows a remote attacker to bypass certificate verification

The vulnerability of the Firefox browser in handling alternative HTTP services allows a malicious actor to bypass the X.509 certificate verification for SSL servers by modifying the server address in the uri-host header of the HTTP/2 response...

4.3CVSS6.7AI score0.01174EPSS
Exploits0References3Affected Software1
CNVD
CNVDadded 2015/04/09 12:0 a.m.2 views

Mozilla Firefox Man-in-the-Middle Attack Vulnerability

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A security vulnerability in the Mozilla Firefox HTTP Alternative Services feature allows attackers to bypass SSL services and conduct man-in-the-middle attacks by specifying a...

4.3CVSS6.6AI score0.01174EPSS
Exploits0References1
Rows per page
Query Builder