Skip to main content

Net 9 Starter Kit

1 CVEs product

Monthly

CVE-2024-26470 NuGet HIGH POC This Week

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Net 9 Starter Kit
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
EPSS 1% CVSS 8.1
HIGH POC This Week

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Net 9 Starter Kit
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy