CVE-2026-42855 arduino-esp32: Digest authentication URI mismatch bypass in WebServer allows cross-resource replay attack

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVE-2024-14028

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02...

PT-2026-28269

CVE-2024-14028 Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-P… https://t.co/xfrfN9Qbrx...

CVE-2025-13406 Scanning for higher HART revision device leads into NULL pointer dereference in live list

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT Webserver modules allows HTTP DoS.This issue affects smartLink SW-HT: 1.43...

CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

CVE-2020-10374

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form...

CVE-2023-53941

CVE-2023-53941 describes an OS command injection in EasyPHP Webserver 14.1. An unauthenticated attacker can trigger remote code execution by crafting the app_service_control payload and sending a POST to /index.php?zone=settings, leading to commands executed with administrative privileges. The CV...

Socomec DIRIS Digiware M-70 WEBVIEW-M cross-site request forgery (CSRF) vulnerability

Talos Vulnerability Report TALOS-2024-2116 Socomec DIRIS Digiware M-70 WEBVIEW-M cross-site request forgery CSRF vulnerability December 1, 2025 CVE Number CVE-2024-53684 SUMMARY A cross-site request forgery csrf vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70...

CVE-2025-41706

The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...

CVE-2025-41706 Phoenix Contact: Webserver Denial of Service through Malformed Content-Length

The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...

CVE-2025-41706

CVE-2025-41706 affects the Phoenix Contact webserver used in the QUINT4-UPS/24DC/24DC/10/EIP family. The issue is a denial-of-service condition that an unauthenticated remote attacker can trigger by sending a specially crafted GET request with an over-long Content-Length header. The vulnerability...

EUVD-2025-34052

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names...

EUVD-1999-1106

Malware in sbrugna...

EUVD-2017-1506

Malware in sbrugna...

EUVD-2020-21334

Malware in sbrugna...

EUVD-2001-0550

Malware in sbrugna...

EUVD-2021-20750

Malware in sbrugna...

EUVD-2013-2507

Malware in sbrugna...

EUVD-2017-1596

Malware in sbrugna...

EUVD-2020-1391

Malware in sbrugna...