Monthly
HTTP header injection in IBM Aspera Shares 1.9.9 through 1.11.0 allows authenticated attackers to conduct cross-site scripting, cache poisoning, and session hijacking attacks via improper validation of HOST headers. The vulnerability requires authenticated access and carries a CVSS score of 5.4 with moderate confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed.
Tandoor Recipes versions through 2.5.3 permit Host header injection attacks that enable invite link poisoning, allowing authenticated administrators with high privileges to be social-engineered into sending system-generated invite tokens to attacker-controlled servers. The Django application's default ALLOWED_HOSTS='*' configuration fails to validate HTTP Host headers, which combined with request.build_absolute_uri() usage allows manipulation of all absolute URLs including invite emails, API pagination, and OpenAPI schemas. No public exploit identified at time of analysis; CVSS 8.1 reflects network-based attack requiring high privileges and user interaction with changed scope.
IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 contain an HTTP header injection vulnerability caused by improper validation of the HOST header, allowing unauthenticated remote attackers to conduct cross-site scripting (XSS), cache poisoning, and session hijacking attacks. A vendor patch is available, and while this vulnerability is not currently listed as actively exploited in CISA's Known Exploited Vulnerabilities catalog, the CVSS score of 6.5 with network accessibility and low attack complexity indicates moderate real-world risk.
Aspera Orchestrator versions up to 4.1.2 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scripting (CVSS 5.4).
Aspera Faspex versions up to 5.0.14.3 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scripting (CVSS 5.4).
Host header injection in @perfood/couch-auth v0.26.0 for password reset token theft.
PcVue versions 15.0.0 through 16.3.3 are vulnerable to HTTP Host header injection in the WebClient and WebScheduler authentication endpoints, allowing unauthenticated remote attackers to manipulate server behavior and potentially conduct phishing or cache poisoning attacks. The vulnerability affects the /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout endpoints, with the ability to inject malicious payloads that could lead to information disclosure or data modification. Currently no patch is available for this medium-severity issue.
Host Header Poisoning in Monica 4.1.2 CRM. PoC available.
Db2 Recovery Expert versions up to 5.5.0 contain a vulnerability that allows attackers to conduct various attacks against the vulnerable system, including cross-site scripting (CVSS 6.5).
Smart Visu Server Firmware contains a vulnerability that allows attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header (CVSS 8.8).