Lucene search
K

230 matches found

CVE
CVE
added 2026/04/26 11:0 a.m.14 views

CVE-2026-7034

CVE-2026-7034 affects Tenda FH1202 (firmware 1.2.0.14(408)) in the httpd component, specifically the WrlExtraSet function in /goform/WrlExtraSet. The issue is a stack-based buffer overflow triggered by manipulating the Go argument, leading to potential remote control of affected devices. An explo...

9CVSS8.8AI score0.00619EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/12 8:15 a.m.34 views

CVE-2026-6123 Tenda F451 httpd addressNat fromAddressNat stack-based overflow

A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has...

9CVSS0.00518EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/12 7:30 a.m.4 views

CVE-2026-6122 Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS6.3AI score0.00541EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/12 6:0 a.m.28 views

CVE-2026-6120 Tenda F451 httpd DhcpListClient fromDhcpListClient stack-based overflow

A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public a...

9CVSS0.00673EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 6:31 p.m.4 views

EUVD-2026-20982

A vulnerability was detected in Tenda CH22 1.0.0.6468. This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used...

7.5CVSS6.8AI score0.00537EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/07 12:28 p.m.3 views

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

8.3CVSS5.9AI score0.0053EPSS
Exploits0References6
CVE
CVE
added 2026/04/05 7:30 a.m.13 views

CVE-2026-5548

CVE-2026-5548 affects Tenda AC10 (firmware 16.03.10.10_multi_TDE01). The vulnerability targets the function fromSysToolChangePwd in /bin/httpd, where manipulating the argument sys.userpass triggers a stack-based buffer overflow. Remote initiation is possible, indicating potential remote code exec...

9CVSS7.8AI score0.00571EPSS
Exploits0References5Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/27 8:18 a.m.34 views

Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...

9.8CVSS7.3AI score0.01335EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27173

A Denial-of-Service DoS vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption,...

7.1CVSS5.8AI score0.00292EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1365)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS5.8AI score0.015EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1338)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS5.8AI score0.015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.3 views

EulerOS 2.0 SP13 : httpd (EulerOS-SA-2026-1278)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exe...

8.3CVSS5.9AI score0.015EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 1:32 a.m.3 views

CVE-2026-3275 Tenda F453 httpd addressNat fromAddressNat buffer overflow

A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed from remote. The exploit has been made...

9CVSS7.6AI score0.00773EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/27 12:32 a.m.21 views

CVE-2026-3273 Tenda F453 httpd AdvSetWrlsafeset formWrlsafeset buffer overflow

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mitssidindex leads to buffer overflow. The attack can be executed remotely. The exploi...

9CVSS0.00632EPSS
Exploits1References5
EUVD
EUVD
added 2026/02/27 12:31 a.m.5 views

EUVD-2026-8969

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...

9CVSS8.4AI score0.00746EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2026/02/02 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1171)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS8.1AI score0.0097EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 4:39 p.m.4 views

CLSA-2026-1769099972 httpd: Fix of 2 CVEs

CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables and added regression tests - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...

6.5CVSS6.6AI score0.00758EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.11 views

Azure Linux 3.0 Security Update: httpd (CVE-2024-38473)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...

8.1CVSS5.5AI score0.25878EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : httpd-2.4.6-97.5.0.1.el7.AXS7 (AXSA:2022-3128:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3128:02 advisory. httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2022-22720 Tenable has extracted the preceding description...

9.8CVSS8.2AI score0.28189EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 7 : httpd-2.4.6-97.1.0.1.el7.AXS7 (AXSA:2021-2480:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2480:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

9CVSS8.2AI score0.99999EPSS
Exploits5References2
Rows per page
Query Builder