Flaws of type CWE-644

55 results
CVE-2017-6031 | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers fo | EPSS 2.8%
CVE-2021-21265 | MEDIUM | October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers | EPSS 1.5%
CVE-2021-41114 | MEDIUM | HTTP Host Header Injection in Request Handling in Typo3 | EPSS 1.2%
CVE-2021-20784 | MEDIUM | HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an | EPSS 1.1%
CVE-2020-6982 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code exec | EPSS 1.1%
CVE-2024-1064 | HIGH | Improper Neutralization of HTTP Headers for Scripting Syntax in Crafty Controller 4 | EPSS 0.8%
CVE-2023-47143 | CRITICAL | IBM Tivoli Application Dependency Discovery Manager HOST header injection | EPSS 0.8%
CVE-2023-32465 | HIGH | Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerabilit | EPSS 0.7%
CVE-2022-34316 | LOW | IBM CICS TX information disclosure | EPSS 0.6%
CVE-2025-64484 | HIGH | OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation | EPSS 0.6%
CVE-2023-36921 | HIGH | Header Injection in SAP Solution Manager (Diagnostic Agent) | EPSS 0.5%
CVE-2024-21499 | MEDIUM | All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due | EPSS 0.5%
CVE-2026-26234 | HIGH | JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax | EPSS 0.5%
CVE-2022-45102 | MEDIUM | Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated atta | EPSS 0.5%
CVE-2024-10006 | HIGH | Consul L7 Intentions Vulnerable To Headers Bypass | EPSS 0.5%
CVE-2025-13434 | MEDIUM | jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax | EPSS 0.4%
CVE-2023-34036 | MEDIUM | Forwarded header exploit with Spring HATEOAS on WebFlux | EPSS 0.4%
CVE-2026-26747 | CRITICAL | A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServicePro | EPSS 0.4%
CVE-2021-38997 | MEDIUM | IBM API Connect HOST header injection | EPSS 0.4%
CVE-2022-22399 | MEDIUM | IBM Aspera Faspex HTTP header injection | EPSS 0.4%