CVE-2022-38054

In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation...

CVE-2019-11536

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...

CVE-2020-7504

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent...

CVE-2020-10374

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form...

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

CVE-2022-23439

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the Host header points to an arbitrary webserver...

africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3477 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.38.Final)

io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-12543 Source advisory: OSV:GHSA-J382-5JJ3-VW4J...

CVE-1999-0232

Buffer overflow in NCSA WebServer version 1.5c gives remote access...

CVE-1999-0235

Buffer overflow in NCSA WebServer 1.4.1 and below gives remote access...

CVE-2020-36921

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

CVE-2020-36921

Technical details are not publicly provided in the supplied documents. The records describe an information disclosure in RED-V 5.1.1 but do not specify affected components, root cause, exploitation details, or mitigations. Monitor for updates.

CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

PT-2026-1454

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

Remote Code Execution (RCE)

Apache Airflow Providers Edge3 is vulnerable to Remote Code Execution RCE. The vulnerability is due to exposure of a non-public Worker RPC API enabled when the Edge3 provider was installed on Airflow 2, where development-only APIs intended for internal testing allowed DAG authors to execute...

PT-2026-29242

Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description A misconfiguration of the Cross-Origin Resource Sharing CORS policy exists when the internal webserver is enabled. An attacker may be able to trick an administrator logged into the dashboard...

CVE-2023-53944

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVE-2023-53941

EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the appservicecontrol parameter. Attackers can send POST requests to /index.php?zone=settings with crafted...

CVE-2023-53944

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...

CVE-2023-53944

EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...