103202 matches found

RedhatCVE
added 2026/03/26 2:57 p.m., 5 views

CVE-2026-22209

wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like alert1...

CVSS 5.5 | AI score 5.6 | EPSS 0.00222
Exploits 0 | References 1

RedhatCVE
added 2026/03/26 2:56 p.m., 4 views

CVE-2019-25478

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make i...

CVSS 8.7 | AI score 6.1 | EPSS 0.00492
Exploits 0 | References 1

CVE
added 2026/03/26 12:59 p.m., 12 views

CVE-2025-55271

CVE-2025-55271 affects HCL Aftermarket DPC via HTTP Response Splitting vulnerability. The available connected documents describe that an attacker may be able to execute arbitrary commands or inject harmful content depending on how the web application handles split responses. The PT-2026-28296 ent...

CVSS 8.8 | AI score 6.1 | EPSS 0.00318
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2026/03/26 12:30 p.m., 3 views

EUVD-2025-209046

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

CVSS 8.7 | AI score 6.1 | EPSS 0.00613
Exploits 0 | References 2

CVE
added 2026/03/26 12:20 p.m., 6 views

CVE-2025-41359

The CVE-2025-41359 vulnerability affects Small HTTP Server 3.06.36, due to an unquoted service path for the executable at C:\Program Files (x86)\shttps_mg\http.exe. This misconfiguration enables a local attacker to place a higher-priority malicious executable with the same name, causing the servi...

CVSS 8.5 | AI score 6.1 | EPSS 0.00155
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/03/26 12:20 p.m., 2 views

CVE-2025-41359 Multiple vulnerabilities in Small HTTP server by Smallsrv

Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...

CVSS 8.5 | AI score 6.1 | EPSS 0.00155
Exploits 0 | References 1

NVD
added 2026/03/26 12:16 p.m., 4 views

CVE-2025-41368

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

CVSS 8.7 | EPSS 0.00613
Exploits 0 | References 1

Cvelist
added 2026/03/26 11:37 a.m., 21 views

CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

CVSS 8.7 | EPSS 0.00613
Exploits 0 | References 1

RedHat Linux
added 2026/03/26 11:37 a.m., 3 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8 | AI score 7.2 | EPSS 0.00459
Exploits 0 | References 6

SUSE Linux
added 2026/03/26 10:36 a.m., 13 views

Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. CVE-2025-12084: quadratic complexity in xml.minidom node ID cache cleari...

CVSS 8.7 | AI score 5.9 | EPSS 0.01525
Exploits 0 | References 36

SUSE Linux
added 2026/03/26 9:46 a.m., 3 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

CVSS 10 | AI score 7 | EPSS 0.99999
Exploits 107 | References 100

Positive Technologies
added 2026/03/26 12:0 a.m., 8 views

PT-2026-28285

Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description An authenticated path traversal issue exists in the Small HTTP Server service. A remote user can bypass the intended restrictions of the SecurityManager and potentially display any file if they hav...

CVSS 8.7 | AI score 5.9 | EPSS 0.00613
Exploits 0 | References 3

Positive Technologies
added 2026/03/26 12:0 a.m., 5 views

PT-2026-28284

Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files x86shttps mghttp.exe service'. This...

CVSS 8.5 | AI score 6.1 | EPSS 0.00155
Exploits 0 | References 4

CNNVD
added 2026/03/26 12:0 a.m., 10 views

Small Http Server Code Issue Vulnerability

Small Http Server is a small HTTP server developed by Max Feoktistov. Version 3.06.36 of Small Http Server has code vulnerabilities. These vulnerabilities stem from service paths that are not enclosed in quotes. This could allow local attackers to place malicious executable files in...

CVSS 8.5 | AI score 5.9 | EPSS 0.00155
Exploits 0 | References 1

ATTACKERKB
added 2026/03/26 12:0 a.m., 1 view

CVE-2026-29969

A cross-site scripting (XSS) vulnerability in the wffcolspref.css.aspx endpoint of staffwiki v7.0.1.19219 allows attackers to execute arbitrary JavaScript in the context of the user's browser via a crafted HTTP request...

AI score 5.9 | EPSS 0.00249
Exploits 1 | References 2

Tenable Nessus
added 2026/03/26 12:0 a.m., 4 views

SUSE SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2026:1029-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1029-1 advisory. - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725...

CVSS 7.5 | AI score 6.8 | EPSS 0.01525
Exploits 0 | References 16

Tenable Nessus
added 2026/03/26 12:0 a.m., 7 views

SUSE SLES15 Security Update : salt (SUSE-SU-2026:1028-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1028-1 advisory. - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS vi...

CVSS 7.5 | AI score 6.8 | EPSS 0.01525
Exploits 0 | References 16

Cvelist
added 2026/03/25 10:32 p.m., 25 views

CVE-2026-4825 SourceCodester Sales and Inventory System HTTP GET Parameter update_sales.php sql injection

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /updatesales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

CVSS 6.5 | EPSS 0.00303
Exploits 1 | References 5

Github Security Blog
added 2026/03/25 9:17 p.m., 5 views

Vikunja Bypasses Webhook SSRF Protections During OpenID Connect Avatar Download

Summary The DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their OIDC profile picture URL can force the Vikunja server to make HTTP GET requests t...

CVSS 7.4 | AI score 5.9 | EPSS 0.00395
Exploits 1 | References 6 | Affected Software 1

Github Security Blog
added 2026/03/25 9:14 p.m., 9 views

Vikunja has SSRF via Todoist/Trello Migration File Attachment URLs that Allows Reading Internal Network Resources

Summary The migration helper functions DownloadFile and DownloadFileWithHeaders in pkg/modules/migration/helpers.go make arbitrary HTTP GET requests without any SSRF protection. When a user triggers a Todoist or Trello migration, file attachment URLs from the third-party API response are passed...

CVSS 6.4 | AI score 6 | EPSS 0.00272
Exploits 1 | References 5 | Affected Software 1