Lucene search
K

20 matches found

GithubExploit
GithubExploit
added 2026/02/19 4:10 p.m.193 views

Exploit for CVE-2026-27180

MajorDoMo RCE !Authorhttps://img.shields.io/badge/Author-Mo...

9.8CVSS7.2AI score0.01086EPSS
Exploits4
Cvelist
Cvelist
added 2026/02/18 9:10 p.m.25 views

CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...

9.8CVSS0.01086EPSS
Exploits4References3
CVE
CVE
added 2026/02/18 9:10 p.m.25 views

CVE-2026-27180

CVE-2026-27180 — MajorDoMo supply chain RCE : Affected MajorDoMo allows unauthenticated remote code execution via a poisoned update URL. The saverestore admin endpoint at /objects/?module=saverestore is exposed because gr('mode') reads from $_REQUEST instead of the framework’s mode, enabling an a...

9.8CVSS6.8AI score0.01086EPSS
Exploits4References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.12 views

PT-2026-20516

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...

9.8CVSS6.8AI score0.01086EPSS
Exploits4References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-6288

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00615EPSS
Exploits0References8
NVD
NVD
added 2022/08/01 5:15 p.m.47 views

CVE-2022-31109

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS0.00615EPSS
Exploits0References3
Prion
Prion
added 2022/08/01 5:15 p.m.26 views

Design/Logic Flaw

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

5.8CVSS6AI score0.00615EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/01 4:15 p.m.53 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS6.9AI score0.00615EPSS
Exploits0References3
CVE
CVE
added 2022/08/01 4:15 p.m.115 views

CVE-2022-31109

CVE-2022-31109 affects laminas-diactoros (PSR-7/PSR-17 implementation). The issue arises when X-Forwarded-* headers can influence Laminas\Diactoros\Uri in the ServerRequest, potentially altering host/protocol/port and enabling XSS or URL poisoning if a linked URL uses the modified value. Mitigati...

7.2CVSS6.1AI score0.00615EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/01 4:15 p.m.12 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS6.8AI score0.00615EPSS
Exploits0References3
OSV
OSV
added 2022/08/01 4:15 p.m.17 views

CVE-2022-31109 HTTP Host Header Attack Vulnerability in laminas-diactoros

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS6.2AI score0.00615EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/07/29 10:26 p.m.24 views

mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack

Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...

2.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2022/07/29 10:26 p.m.25 views

GHSA-C8RP-CGF4-937W mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack

Impact mezzio-swoole applications using Diactoros for their PSR-7 implementation, and which are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request...

6.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/07/27 10:5 p.m.28 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack

Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

7.2CVSS5.9AI score0.00615EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/07/27 10:5 p.m.23 views

GHSA-8274-H5JP-97VR Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack

Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

6.1CVSS6.3AI score0.00615EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.4 views

PT-2022-20534 · Laminas · Laminas Diactoros

Name of the Vulnerable Software and Affected Versions: laminas-diactoros versions prior to 2.11.1 Description: The laminas-diactoros PHP package is vulnerable to potential host, protocol, and/or port modification of a LaminasDiactorosUri instance associated with the incoming server request, based...

7.2CVSS6AI score0.00615EPSS
Exploits0References12
Laminas
Laminas
added 2022/07/25 9:35 p.m.51 views

HTTP Host Header Attack Vulnerabilities

The package laminas/laminas-diactoros Diactoros is a PSR-7 HTTP Message and PSR-17 HTTP Message Factory implementation, providing HTTP request and response message representations both for making HTTP client requests and responding to HTTP requests server-side. When responding to an incoming...

6.3AI score
Exploits0References3Affected Software2
Friends Of PHP
Friends Of PHP
added 2022/07/25 7:29 p.m.29 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.

Description Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from...

5.8CVSS5.8AI score0.00615EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/07/25 7:29 p.m.24 views

Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack.

Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...

7.2CVSS6.3AI score0.00615EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/04/18 7:29 p.m.4 views

CVE-2018-1000158

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of sendrecoveryemail in the line "$url = $config'adminurl' . '/login.php?recoverme=' . $code;" that can result in Administrator Password Reset Poisoning, specifically a reset URL pointing at an attacker...

8.8CVSS5.8AI score0.01086EPSS
Exploits1References1
Rows per page
Query Builder