Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CubeCart Pre-Auth Password Reset Link Poisoning via HTTP Host Header (CVE-2026-4505)

github.com 2026-05-22查看中文 →
Security AdvisoryCVE-2026-4505HighCubeCart
Affected:
  • CubeCart <= 6.7.1
Fixed in:
  • 6.7.2
Referenced CVEs: CVE-2026-45055 · 8.1
文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive
This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.
More from this source
Real ASGI Middleware Auth Bypass Vulnerability in v1.1.x and Fix 2026-06-17 Backpropagate v1.1.x Web UI Authentication Bypass and Authorization Failure 2026-06-17 Carrierwave Content-Type Denylist Regex Injection Bypass and Fix 2026-06-17 CarrierWave denylist bypass via Unescaped Regex Metacharacters PoC 2026-06-17 Carrierwave Blacklist Regex Bypass Fix 2026-06-17
Offline Archive

Offline screenshot & PDF are Pro-exclusive

Upgrade to Pro