104 matches found
CVE-2026-12200
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...
CVE-2026-12200
Ritlabs TinyWeb Server (Windows, up to v1.94) is affected by a stack-based buffer overflow in the Header Handler’s libeay32.dll.html component. The vulnerability is triggered by manipulating the Authorization argument, allowing remote exploitation. An exploit has been disclosed publicly, and the ...
EUVD-2026-36675
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...
CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...
CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...
PT-2026-49150
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...
CVE-2026-29046
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-28497
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-29046
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-28497
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-29046
TinyWeb (Delphi, Win32) before v2.04 maps request header values into CGI environment variables (HTTP_*) and does not strictly reject dangerous control characters (CR, LF, NUL) or their encoded forms (%0d, %0a, %00). This can cause header value confusion across parser boundaries and place unsafe d...
CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-29046
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
EUVD-2026-9972
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-28497
TinyWeb (Delphi, Win32) before version 2.03 contains an integer overflow in the string-to-integer conversion routine (_Val) that enables an unauthenticated remote attacker to bypass Content-Length checks and perform HTTP Request Smuggling. This affects servers using persistent connections (Keep-A...
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...