38 matches found
JetBrains IntelliJ IDEA Arbitrary Local File Read (CVE-2026-41882)
The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, or 2026.1.1. It is, therefore, affected by an arbitrary local file read vulnerability: - In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1...
CVE-2026-41882
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...
EUVD-2026-26368
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...
CVE-2026-41882
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...
CVE-2026-41882
CVE-2026-41882 affects JetBrains IntelliJ IDEA prior to 2024.3.7.1 and versions 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1. The issue enables reading arbitrary local files via the built‑in web server. The root cause details are not provided in the given documents. A patch is indicated by th...
JetBrains IntelliJ IDEA 后置链接漏洞
JetBrains IntelliJ IDEA is an integrated development environment for Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1 have a post-link vulnerability. This vulnerability stems from issu...
PT-2026-36089
Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2024.3.7.1 JetBrains IntelliJ IDEA versions prior to 2025.1.7.1 JetBrains IntelliJ IDEA versions prior to 2025.2.6.2 JetBrains IntelliJ IDEA versions prior to 2025.3.4.1 JetBrains IntelliJ IDEA version...
CVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
PT-2026-2366
Name of the Vulnerable Software and Affected Versions Owlfiles File Manager version 12.0.1 Description Owlfiles File Manager version 12.0.1 contains a path traversal issue in its built-in HTTP server. This allows attackers to access system directories by crafting GET requests with directory...
The vulnerability of the built-in web server boa (/boafrm/formDosCfg) of the TOTOLINK X15 router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the built-in web server boa /boafrm/formDosCfg of the TOTOLINK X15 router’s microprogramming software is related to the copying of buffers without checking the size of input data during the processing of the submit-url parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the built-in web server boa (/boafrm/formDMZ) of TOTOLINK EX1200T router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the built-in web server boa /boafrm/formDMZ of TOTOLINK EX1200T routers is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information by sending a specially crafted...
The vulnerability of the built-in web server boa (/boafrm/formFilter) of TOTOLINK EX1200T router microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the built-in web server boa /boafrm/formFilter of TOTOLINK EX1200T routers is caused by buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information by sending a specially crafte...
The vulnerability of the built-in web server boa (/boafrm/formDMZ) of TOTOLINK X15 router’s microprogramming software allows a perpetrator to execute arbitrary commands or cause service failure.
The vulnerability of the built-in web server boa /boafrm/formDMZ of TOTOLINK X15 router microprogramming software is related to the issue of the operation exceeding the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2024-1220
A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of...
Design/Logic Flaw
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b...
Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Neutralization of Special Elements Used in an OS Command (CVE-2021-32974)
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation (CVE-2021-32970)
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. This plugin only works with Tenable.ot. Please visit...
CVE-2022-48433
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server...
PT-2023-15777 · Jetbrains · Jetbrains Intellij Idea
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.1 Description: The issue concerns the potential leak of NTLM hash through an API method in the built-in web server of JetBrains IntelliJ IDEA. Recommendations: For versions prior to 2023.1, updat...
CVE-2022-46826
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability...