Lucene search

16 matches found

RedhatCVE
added 2026/01/27 9:23 p.m., 3 views

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

CVSS: 6.5, AI score: 6, EPSS: 0.00154
Exploits: 0, References: 1

NVD
added 2026/01/26 6:16 p.m., 3 views

CVE-2025-57785

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

CVSS: 6.5, EPSS: 0.00154
Exploits: 0, References: 1

Cvelist
added 2026/01/26 5:46 p.m., 21 views

CVE-2025-57785 Double free in XSLT in 'show_index'

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

EPSS: 0.00154
Exploits: 0, References: 1

EUVD
added 2026/01/26 5:46 p.m., 4 views

EUVD-2025-206341

A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...

CVSS: 6.5, AI score: 6, EPSS: 0.00154
Exploits: 0, References: 1

CVE
added 2026/01/26 5:46 p.m., 10 views

CVE-2025-57785

CVE-2025-57785 — Double Free in XSLT show_index (Hiawatha Webserver) Affected software: Hiawatha webserver versions 10.8.2 through 11.7 (as cited by Red Hat and CVE trackers). Technical detail: The vulnerability is a double free in the XSLT function show_index, a memory management error that may ...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00154
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/01/26 12:0 a.m., 1 view

PT-2026-4798

Name of the Vulnerable Software and Affected Versions Hiawatha version 11.7 Description A double free issue exists in the XSLT show index function of the Hiawatha webserver. This allows an unauthenticated attacker to corrupt data, potentially leading to arbitrary code execution. The issue involve...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00154
Exploits: 0, References: 4

CERT
added 2025/09/09 12:0 a.m., 15 views

Hiawatha open-source web server has multiple vulnerabilities

Overview Hiawatha is an open-source webserver for Unix that has packages for Windows, macOS, and a variety of Linux distributions. Three vulnerabilities were identified for this lightweight web-server: improper handling of HTTP headers; an authentication-timing attack in the Tomahawk component; a...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00154
Exploits: 0, References: 1

OSV
added 2025/03/14 3:44 p.m., 1 view

OESA-2025-1272 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option...

CVSS: 7.5, AI score: 6.2, EPSS: 0.93602
Exploits: 15, References: 4

RedHat Linux
added 2024/08/20 8:33 p.m., 4 views

aiohttp: XSS on index pages for static file handling

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. When using "web.static..., showindex=True", the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00709
Exploits: 0, References: 4

SUSE CVE
added 2024/04/19 2:18 a.m., 1 view

SUSE CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 8.2, EPSS: 0.00709
Exploits: 0, References: 5

OSV
added 2024/04/18 3:15 p.m., 0 views

AZL-43357 CVE-2024-27306 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 6.7, EPSS: 0.00709
Exploits: 0, References: 1

OSV
added 2024/04/18 3:15 p.m., 2 views

DEBIAN-CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00709
Exploits: 0, References: 1

OSV
added 2024/04/18 1:45 p.m., 0 views

GHSA-7GPW-8WMC-PM8G aiohttp Cross-site Scripting vulnerability on index pages for static file handling

Summary A XSS vulnerability exists on index pages for static file handling. Details When using web.static..., showindex=True, the resulting index pages do not escape file names. If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00709
Exploits: 0, References: 10

Positive Technologies
added 2024/04/18 12:0 a.m., 2 views

PT-2024-21809 · Aiohttp +7

Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.4 Description: A XSS vulnerability exists on index pages for static file handling. This issue arises when using web.static..., show index=True, as the resulting index pages do not escape file names, making the...

CVSS: 7.5, AI score: 6.5, EPSS: 0.93602
Exploits: 21, References: 94

CNNVD
added 2024/04/18 12:0 a.m., 1 view

aiohttp cross-site scripting vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A cross-site scripting vulnerability exists in aiohttp versions prior to 3.9.4, which stems from the use of web.static... , showindex=True, the generated index page does not escape filenames, leaving the...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00709
Exploits: 0, References: 8

NVD
added 2019/01/04 3:29 p.m., 13 views

CVE-2019-5311

An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter...

CVSS: 6.1, AI score: 6, EPSS: 0.0024
Exploits: 1, References: 1