Lucene search
K

22181 matches found

CVE
CVE
added 2026/01/24 1:50 a.m.14 views

CVE-2026-24469

CVE-2026-24469 concerns the C++ HTTP Server (versions 1.0 and below) with a path traversal vulnerability in RequestHandler::handleRequest. The issue stems from failing to sanitize the user-controlled URL path filename before concatenating it to the files_directory base path, enabling an unauthent...

7.5CVSS5.8AI score0.00589EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/24 1:50 a.m.3 views

CVE-2026-24469

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

7.5CVSS6AI score0.00589EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/24 1:50 a.m.32 views

CVE-2026-24469 C++ HTTP Server has Critical Path Traversal Vulnerability in RequestHandler Allowing Arbitrary File Read

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

7.5CVSS0.00589EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/24 12:24 a.m.4 views

SUSE CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

5.5CVSS5.4AI score0.0017EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.6 views

PT-2026-4564

C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's...

7.5CVSS5.8AI score0.00589EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

C++ HTTP Server path traversal vulnerability

C++ HTTP Server is an HTTP/1.1 server developed by Aryan Singh. Versions of C++ HTTP Server 1.0 and earlier had a path traversal vulnerability. This vulnerability stemmed from the RequestHandler::handleRequest method, which did not clean user-controlled file names, potentially allowing for path...

7.5CVSS7.4AI score0.00589EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/23 4:47 p.m.4 views

CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

6.9CVSS5.5AI score0.00258EPSS
Exploits0References4
CVE
CVE
added 2026/01/23 4:47 p.m.11 views

CVE-2021-47899

CVE-2021-47899 affects YetiShare File Hosting Script version 5.1.0. The vulnerability is a server‑side request forgery (SSRF) in the remote file upload feature, exploitable via the url parameter in the /url_upload_handler endpoint to read local files using the file:/// protocol (e.g., /etc/passwd...

6.9CVSS5.5AI score0.00258EPSS
Exploits0References4
NVD
NVD
added 2026/01/23 4:15 p.m.8 views

CVE-2026-22992

In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from monhandleauthdone Currently any error from cephauthhandlereplydone is propagated via finishauth but isn't returned from monhandleauthdone. This results in higher layers learning that despite...

7.5CVSS0.00268EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/23 3:21 p.m.7 views

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

8.8CVSS6.4AI score0.02646EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/23 3:21 p.m.9 views

CVE-2026-1326

A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...

8.8CVSS6.5AI score0.03212EPSS
Exploits1References1
NVD
NVD
added 2026/01/23 8:16 a.m.15 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/01/23 8:16 a.m.2 views

ALPINE-CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.5CVSS5.1AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 8:16 a.m.6 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/23 8:16 a.m.6 views

AZL-75216 CVE-2026-24515 affecting package expat for versions less than 2.6.4-3

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS7.2AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 8:16 a.m.6 views

UBUNTU-CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS7.1AI score0.0017EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/23 7:46 a.m.30 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 7:46 a.m.5 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

9.8CVSS5.2AI score0.0017EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/23 7:46 a.m.1 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS5.4AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 7:46 a.m.165 views

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. This vulnerability (CVE-2026-24515) is reflected across multiple advisories/plugins; remediation is to update expat to a version 2.7.4 or newer where the issue is fixed.

2.9CVSS5.4AI score0.0017EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder