11613 matches found
CVE-2025-41359 Multiple vulnerabilities in Small HTTP server by Smallsrv
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...
CVE-2025-41359
The CVE-2025-41359 vulnerability affects Small HTTP Server 3.06.36, due to an unquoted service path for the executable at C:\Program Files (x86)\shttps_mg\http.exe. This misconfiguration enables a local attacker to place a higher-priority malicious executable with the same name, causing the servi...
CVE-2025-41368
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
PT-2026-28284
Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files x86shttps mghttp.exe service'. This...
Small Http Server 代码问题漏洞
Small Http Server is a small HTTP server developed by Max Feoktistov. Version 3.06.36 of Small Http Server has code vulnerabilities. These vulnerabilities stem from service path paths that are not enclosed in quotes. This could allow local attackers to place malicious executable files in...
PT-2026-28285
Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description An authenticated path traversal issue exists in the Small HTTP Server service. A remote user can bypass the intended restrictions of the SecurityManager and potentially display any file if they hav...
Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. This vulnerability is due to improper validation ...
PT-2026-27799
Name of the Vulnerable Software and Affected Versions Cisco IOS Software and Cisco IOS XE Software Release 3E Description A flaw exists in the HTTP Server feature that could allow a remote attacker with valid user credentials to cause an unexpected device reload, leading to a denial of service Do...
CVE-2025-33238
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service...
CVE-2026-33307
A flaw was found in modgnutls, a TLS module for Apache HTTPD. A remote attacker could exploit this vulnerability by sending a specially crafted client certificate chain to a server configured to use client certificates. This could lead to a buffer overflow due to the module not properly checking...
UBUNTU-CVE-2026-33307
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...
PT-2026-27302
Name of the Vulnerable Software and Affected Versions Mod gnutls versions prior to 0.12.3 Mod gnutls versions prior to 0.13.0 Description Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the...
CVE-2026-33231
A flaw was found in NLTK Natural Language Toolkit, specifically in the nltk.app.wordnetapp component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the local WordNet Browser HTTP server when it is running in its default...
📄 Cursor IDE MCP Deeplink Remote Code Execution
This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...
Exploit for Path Traversal in Apache Http_Server
https://n...
CVE-2026-33231
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...
CVE-2026-33231
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...
CVE-2026-33231
CVE-2026-33231 affects NLTK’s nltk.app.wordnet_app in versions 3.9.3 and earlier, where the WordNet Browser HTTP server started in default mode can be remotely shutdown by an unauthenticated GET request to /SHUTDOWN%20THE%20SERVER, causing a denial of service via os._exit(0). IBM’s bulletin/Secur...