Monthly
HTTP header smuggling in @fastify/reply-from ≤12.6.1 and @fastify/http-proxy ≤11.4.3 allows remote unauthenticated attackers to strip proxy-added security headers from upstream requests via malicious Connection header values. Attackers can retroactively remove headers intended for routing, access control, or authentication, potentially bypassing proxy-enforced security policies. CVSS 9.0 (Critical) with high integrity impact to both vulnerable and subsequent systems. EPSS 0.04% indicates low mass-exploitation probability despite proof-of-concept availability (SSVC). Vendor patches available: upgrade to @fastify/reply-from ≥12.6.2 or @fastify/http-proxy ≥11.4.4.
HTTP header injection in IBM Aspera Shares 1.9.9 through 1.11.0 allows authenticated attackers to conduct cross-site scripting, cache poisoning, and session hijacking attacks via improper validation of HOST headers. The vulnerability requires authenticated access and carries a CVSS score of 5.4 with moderate confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed.
Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an HTTP header injection vulnerability caused by improper validation of the HOST header, allowing unauthenticated remote attackers to conduct cross-site scripting (XSS), cache poisoning, and session hijacking attacks. A vendor patch is available, and while this vulnerability is not currently listed as actively exploited in CISA's Known Exploited Vulnerabilities catalog, the CVSS score of 6.5 with network accessibility and low attack complexity indicates moderate real-world risk.
Aspera Orchestrator versions up to 4.1.2 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
Aspera Faspex versions up to 5.0.14.3 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
Host header injection in @perfood/couch-auth v0.26.0 for password reset token theft.
PcVue versions 15.0.0 through 16.3.3 are vulnerable to HTTP Host header injection in the WebClient and WebScheduler authentication endpoints, allowing unauthenticated remote attackers to manipulate server behavior and potentially conduct phishing or cache poisoning attacks. The vulnerability affects the /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout endpoints, with the ability to inject malicious payloads that could lead to information disclosure or data modification. Currently no patch is available for this medium-severity issue.
Host Header Poisoning in Monica 4.1.2 CRM. PoC available.
Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).
HTTP header smuggling in @fastify/reply-from ≤12.6.1 and @fastify/http-proxy ≤11.4.3 allows remote unauthenticated attackers to strip proxy-added security headers from upstream requests via malicious Connection header values. Attackers can retroactively remove headers intended for routing, access control, or authentication, potentially bypassing proxy-enforced security policies. CVSS 9.0 (Critical) with high integrity impact to both vulnerable and subsequent systems. EPSS 0.04% indicates low mass-exploitation probability despite proof-of-concept availability (SSVC). Vendor patches available: upgrade to @fastify/reply-from ≥12.6.2 or @fastify/http-proxy ≥11.4.4.
HTTP header injection in IBM Aspera Shares 1.9.9 through 1.11.0 allows authenticated attackers to conduct cross-site scripting, cache poisoning, and session hijacking attacks via improper validation of HOST headers. The vulnerability requires authenticated access and carries a CVSS score of 5.4 with moderate confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed.
Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an HTTP header injection vulnerability caused by improper validation of the HOST header, allowing unauthenticated remote attackers to conduct cross-site scripting (XSS), cache poisoning, and session hijacking attacks. A vendor patch is available, and while this vulnerability is not currently listed as actively exploited in CISA's Known Exploited Vulnerabilities catalog, the CVSS score of 6.5 with network accessibility and low attack complexity indicates moderate real-world risk.
Aspera Orchestrator versions up to 4.1.2 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
Aspera Faspex versions up to 5.0.14.3 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 5.4).
Host header injection in @perfood/couch-auth v0.26.0 for password reset token theft.
PcVue versions 15.0.0 through 16.3.3 are vulnerable to HTTP Host header injection in the WebClient and WebScheduler authentication endpoints, allowing unauthenticated remote attackers to manipulate server behavior and potentially conduct phishing or cache poisoning attacks. The vulnerability affects the /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout endpoints, with the ability to inject malicious payloads that could lead to information disclosure or data modification. Currently no patch is available for this medium-severity issue.
Host Header Poisoning in Monica 4.1.2 CRM. PoC available.
Db2 Recovery Expert versions up to 5.5.0 contains a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scri (CVSS 6.5).