CVE-2026-34355

A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system. Mitigation Disable the modproxyhtml module if...

PT-2026-47316

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A buffer overflow occurs in the mod proxy html module, which can be triggered by an untrusted backend. Recommendations Upgrade to version 2.4.68...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in sanitize-html

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of sanitize-html. Vulnerability Details CVEID:CVE-2024-21501 DESCRIPTION: Node.js sanitize-html module could allow a remote attacker to obtain sensitive information, caused by an error when used on the backend and with the...

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-23424 DESCRIPTION: Node.js ansi-html module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex input, ...

Flash cms \module\html\h001\data.asp page SQL injection vulnerability

Flash Flash cms is Zibo Flash Network Technology Co., Ltd. developed a corporate website system. A SQL injection vulnerability exists in the Flash cms \module\html\h001\data.asp page. The vulnerability stems from the program's failure to filter the data submitted by the user. An attacker can...

Serva HTTP Server Denial of Service Vulnerability (CNVD-2016-12618)

Serva is a centralized multi-protocol G http server. A denial of service vulnerability exists in the HTML httpd module of Serva HTTP Server version 3.0.0.1001, which can be exploited by an attacker to cause a denial of service program crash...

Serva 3.0.0 HTTP Server - Denial of Service Exploit

Exploit for windows platform in category dos / poc !/usr/bin/env python Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit Vendor: Patrick Masotta Product web page: http://www.vercot.com Affected version: 3.0.0.1001 Community, Pro, 32/64bit Summary: Serva is a light 3 MB, yet powerfu...

Serva 3.0.0 HTTP Server Denial Of Service

!/usr/bin/env python Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit Vendor: Patrick Masotta Product web page: http://www.vercot.com Affected version: 3.0.0.1001 Community, Pro, 32/64bit Summary: Serva is a light 3 MB, yet powerful Microsoft Windows application. It was conceived...

PT-2014-1801

Name of the Vulnerable Software and Affected Versions lxml versions prior to 3.3.5 Description The issue is related to an incomplete blacklist vulnerability in the lxml.html.clean module, which allows remote attackers to conduct cross-site scripting XSS attacks via control characters in the link...

CVE-2012-2725

The CVE-2012-2725 issue affects the Drupal Authoring HTML module (6.x-1.x) prior to 6.x-1.1. It arises from improper validation of sources against the host whitelist in WhitelistedExternalFilter.php, allowing remote authenticated users to bypass access controls and perform cross-site scripting (X...