Weaknesses of type CWE-644
55 resultsCVE-2024-39736MEDIUMIBM Datacap Navigator HTTP HOST header injectionEPSS 0.4%CVE-2025-0154MEDIUMIBM TXSeries for Multiplatforms information disclosureEPSS 0.4%CVE-2025-64425HIGHCoolify has host header injection in forgot passwordEPSS 0.4%CVE-2025-70948CRITICALA host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and exeEPSS 0.4%CVE-2024-47549HIGHSharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP reEPSS 0.3%CVE-2026-48126HIGHAlgernon: Host header path traversal in --domain mode reads files and runs Lua from parent dirEPSS 0.3%CVE-2026-33805CRITICAL@fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headersEPSS 0.3%CVE-2026-10836MEDIUMImproper neutralization of HTTP headers in Password ManagerEPSS 0.3%CVE-2026-33149HIGHTandoor Recipes Vulnerable to Host Header InjectionEPSS 0.3%CVE-2024-30129MEDIUMHCL Nomad server on Domino is affected by a host header injection vulnerabilityEPSS 0.3%CVE-2025-13803MEDIUMMediaCrush Header paths.py http headers for scripting syntaxEPSS 0.3%CVE-2025-52660LOWHCL AION is affected by an Host Header Injection vulnerabilityEPSS 0.3%CVE-2025-23001MEDIUMA Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header.EPSS 0.3%CVE-2023-26289MEDIUMIBM Aspera Orchestrator HTTP header injectionEPSS 0.3%CVE-2023-45190MEDIUMIBM Engineering Lifecycle Optimization HTTP header injectionEPSS 0.3%CVE-2025-2950MEDIUMIBM i improper HTTP header neutralizationEPSS 0.2%CVE-2025-27632MEDIUMA Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request EPSS 0.2%CVE-2025-23191LOWCache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERPEPSS 0.2%CVE-2025-14807MEDIUMIBM InfoSphere Information Server is vulnerable to HTTP header injectionEPSS 0.2%CVE-2024-51451MEDIUMMultiple Vulnerabilities in IBM Concert SoftwareEPSS 0.2%