23 matches found
CVE-2026-44578
Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the serve...
Prometheus exporter process crash via malformed HTTP request
Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
CVE-2022-50890 Owlfiles File Manager 12.0.1 - Path Traversal
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
Owlfiles 路径遍历漏洞
Owlfiles is a file manager from Owlfiles, Inc. A path traversal vulnerability exists in Owlfiles version 12.0.1, which stems from a path traversal vulnerability in the built-in HTTP server that could lead to accessing system directories...
EUVD-2025-29441
Malicious code in bioql PyPI...
EUVD-2025-14509
Malicious code in bioql PyPI...
The vulnerability of the built-in boa server (/boafrm/formSysLog) of TOTOLINK X15 router microprogramming software allows a intruder to cause a service failure.
The vulnerability of the built-in boa server /boafrm/formSysLog of TOTOLINK X15 router microprogramming software is related to the issue where the operation data is written outside the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious acto...
The vulnerability of the built-in server boa (/boafrm/formWirelessTbl) of the TOTOLINK EX1200T router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the built-in server boa /boafrm/formWirelessTbl of the TOTOLINK EX1200T router’s microprogramming software is related to the issue of the operation exceeding the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious actor ...
GHSA-9P3P-W5JF-8XXG Kirby vulnerable to path traversal in the router for PHP's built-in server
TL;DR This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. ---- Introduction For use with PHP's built-in web server, Kirby...
Kirby vulnerable to path traversal in the router for PHP's built-in server
TL;DR This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. ---- Introduction For use with PHP's built-in web server, Kirby...
CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...
CVE-2025-30207
Kirby (open-source CMS) is affected by a path traversal vulnerability in its router when using PHP’s built-in server. Versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 allow an attacker to navigate files outside the Kirby installation via the router delegating all existing files to PHP, enabling exi...
CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...
PT-2025-20912 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 3.9.8.3 Kirby versions prior to 3.10.1.2 Kirby versions prior to 4.7.1 Description: A vulnerability in Kirby affects setups that use PHP's built-in server, commonly used during local development. This issue allows...
PT-2023-27607 · Opto 22 · Snap Pac S1 Firmware
Name of the Vulnerable Software and Affected Versions: SNAP PAC S1 Firmware version R10.3b Description: An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completel...
JetBrains IntelliJ IDEA 路径遍历漏洞
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3, which stems from a built-in web server that allows arbitrary files to be read via a...
libkiwix 跨站脚本漏洞
libkiwix is a common code base for all Kiwix ports. A security vulnerability exists in libkiwix 10.0.0 and 10.0.1 that allows the use of XSS in the built-in web server functionality by searching for suggested URL parameters...
ON24 ScreenShare 代码问题漏洞
ON24 ScreenShare is a plugin for screen sharing from ON24 USA. A security vulnerability exists in versions of the ON24 ScreenShare aka DesktopScreenShare.app plugin prior to version 2.0 for macOS, which allows an attacker to conduct remote file access via its built-in HTTP server...
Disk Savvy Enterprise 10.4.18 Buffer Ovreflow Exploit
This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86. This module requires...
Disk Savvy Enterprise v10.4.18
This module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise v10.4.18, caused by improper bounds checking of the request sent to the built-in server. This module has been tested successfully on Windows 7 SP1 x86. This module requires Metasploit:...