CWE-644: CWE-644

JUNG Smart Visu Server 1.1.1050 has a request header manipulation vulnerability where unauthenticated attackers can inject arbitrary values in the X-F...

CVE-2023-32465 is an authentication bypass vulnerability in Dell PowerProtect Cyber Recovery that allows attackers to gain unauthorized admin access t...

This vulnerability allows authenticated users to bypass OAuth2-Proxy's header filtering by using underscores instead of dashes in X-Forwarded-* header...

This vulnerability in Coolify allows attackers to hijack password reset emails by manipulating the host header. When victims click malicious reset lin...

CVE-2024-1064 is a host header injection vulnerability in Crafty Controller's HTTP handler that allows unauthenticated remote attackers to cause a Den...

MediaCrush 1.0.0 and 1.0.1 contain an HTTP header injection vulnerability in the Host header handling component. Attackers can inject malicious script...

This vulnerability in SAP Solution Manager's Diagnostics agent allows attackers to tamper with request headers, potentially poisoning content served t...

IBM DB2 Recovery Expert for LUW 5.5 is vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject...

IBM Concert versions 1.0.0 through 2.1.0 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to ...

IBM Datacap Navigator versions 9.1.5 through 9.1.9 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows att...

BigFix WebUI is vulnerable to Host Header Poisoning attacks where attackers can manipulate HTTP Host headers to redirect users to malicious sites or b...

A Host header injection vulnerability in CTFd 3.7.5 allows attackers to manipulate the Host header in HTTP requests. This can lead to phishing attacks...

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject malicious...

IBM Aspera Console versions 3.4.0 through 3.4.4 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attack...

CVE-2025-13434 is a vulnerability in jameschz Hush Framework 2.0 where improper neutralization of the HTTP Host header allows remote attackers to inje...

IBM TXSeries for Multiplatforms versions 9.1 and 11.1 have an HTTP header injection vulnerability that could allow remote attackers to read sensitive ...

CVE-2024-30129 is an HTTP host header manipulation vulnerability in HCL software that allows attackers to redirect requests to different domains/IP ad...

HCL AION has an unrestricted file upload vulnerability that allows attackers to upload malicious files. This could lead to remote code execution or sy...