CVE-2026-42535

A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

PT-2026-47319

Name of the Vulnerable Software and Affected Versions Apache versions prior to 2.4.68 Description A path handling issue in the mod dav fs module allows a WebDAV content author to directly manipulate trusted DAV property databases, which can potentially lead to child process crashes. Recommendatio...

CVE-2026-45283

A flaw was found in Nextcloud Server. An authenticated user could exploit this vulnerability to lock or unlock files belonging to other users by manipulating WebDAV Web Distributed Authoring and Versioning paths. This issue also led to the disclosure of lock tokens in error responses, potentially...

CLSA-2026-1779366970 tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the WebDAV backend process. An attacker can access and modify files outside the intended directory by exploiting symbolic links that point outside the designated root. This is only exploitable if...

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, with ACLs configured incorrectly. This can allow an attacker to communicate with the stream and upload XML or JSON files, which are processed by the named pipe under the service user’s privileges,...

CVE-2026-5311

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...

Konica Bizhub Multifunction Printers Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-20871)

If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

PT-2025-51293

Name of the Vulnerable Software and Affected Versions GOM Player version 2.3.90.5360 Description GOM Player has a remote code execution issue in its Internet Explorer component. An attacker can execute arbitrary code through DNS spoofing. The attack involves redirecting a victim using a malicious...

NextChat 安全漏洞

NextChat is a NextChat open source project for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat 2.16.0 and earlier versions, which stems from a WebDAV proxy failing to normalize or reject point path segments in its wildcard routes, which could lead...

EUVD-2006-3694

Malware in sbrugna...

EUVD-2012-6608

Malware in sbrugna...

CVE-2025-33053

Summary of CVE-2025-33053 : A vulnerability in Windows WebDAV/Internet Shortcut handling allows remote code execution when a vulnerable host opens a crafted .url file that points to a WebDAV share. Exploitation relies on the WebClient service resolving UNC paths via WebDAV and may trigger arbitra...

Internet Shortcut Files Remote Code Execution Vulnerability

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network...

Microsoft Windows External Control of File Name or Path Vulnerability

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...

Infinera Transcend Network Management System 安全漏洞

Infinera Transcend Network Management System Infinera TNMS is a powerful element, network, and service management system from Infinera USA. A security vulnerability exists in Infinera Transcend Network Management System version 19.10.3, which stems from a WebDAV service that allows a low-privileg...

South River WebDrive Security Vulnerability

South River WebDrive is a software from South River that can map cloud storage or enterprise file servers to local drives. A security vulnerability exists in South River WebDrive version 18.00.5057 that stems from the component New Secure WebDAV that causes a denial of service...

The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.

The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...