
401 matches found

Positive Technologies
added yesterday, 4 views

PT-2026-45945

Name of the Vulnerable Software and Affected Versions: nginx (affected versions not specified), Apache (affected versions not specified), IIS (affected versions not specified), Envoy (affected versions not specified), Pingora (affected versions not specified). Description: The HTTP/2 Bomb is a remote Denial of...

5.8 AI score
Exploits: 0, References: 2

Vulnrichment
added 2026/04/01 8:15 a.m., 0 views

CVE-2026-5261 Shandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted upload

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit i...

7.5 CVSS, 6.7 AI score, 0.00018 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/02/27 10:14 a.m., 1 views

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

4.3 CVSS, 5.9 AI score, 0.00039 EPSS
Exploits: 0, References: 1

EUVD
added 2026/02/26 9:30 a.m., 4 views

EUVD-2026-8838

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

2.3 CVSS, 5.3 AI score, 0.00039 EPSS
Exploits: 0, References: 2

OSV
added 2026/02/26 8:16 a.m., 0 views

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

Cvelist
added 2026/02/26 7:56 a.m., 21 views

CVE-2026-1694 Server configuration details in HTTP headers

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

2.3 CVSS, 0.00039 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/26 7:56 a.m., 3 views

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

4.3 CVSS, 5.3 AI score, 0.00039 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/02/26 7:56 a.m., 2 views

CVE-2026-1694 Server configuration details in HTTP headers

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information...

2.3 CVSS, 5.3 AI score, 0.00039 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/02/26 12:00 a.m., 2 views

PT-2026-22126

Name of the Vulnerable Software and Affected Versions: PcVue versions 12.0.0 through 16.3.3. Description: The default configuration of IIS and ASP.net adds HTTP headers that are not removed during the deployment of webservices used by the WebVue, WebScheduler, TouchVue, and SnapVue features. This...

4.3 CVSS, 5.8 AI score, 0.00039 EPSS
Exploits: 0, References: 8

CVE
added 2026/02/13 8:51 p.m., 19 views

CVE-2026-26335

CVE-2026-26335 affects Calero VeraSMART web applications running on IIS where VeraSMART versions prior to 2022 R1 store static machineKey values in web.config. The static keys allow an attacker to craft a valid ASP.NET ViewState payload, bypassing integrity checks and enabling server-side deseria...

9.8 CVSS, 6.6 AI score, 0.00567 EPSS
Exploits: 3, References: 2, Affected Software: 1

CNNVD
added 2026/02/12 12:00 a.m., 2 views

Realtek IIS Codec Service code issue vulnerability

The Realtek IIS Codec Service is a backend service for audio decoders provided by Realtek Semiconductor in China. Version 6.4.10041.133 of the Realtek IIS Codec Service contains a code vulnerability. This vulnerability stems from the lack of quotation marks around the service path, which may allo...

8.5 CVSS, 6.1 AI score, 0.00018 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 11:54 a.m., 11 views

CVE-2009-4444

Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2)...

6 CVSS, 6.9 AI score, 0.58584 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 11:39 a.m., 3 views

CVE-2003-1582

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

2.6 CVSS, 6.2 AI score, 0.04959 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:39 a.m., 8 views

CVE-1999-0725

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page"...

7.1 CVSS, 7.3 AI score, 0.32247 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/18 3:15 p.m., 0 views

CVE-2025-1029

Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable. This issue affects SoliClub: from 5.2.4 before 5.3.7...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 2025/12/16 6:16 p.m., 4 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

5.3 CVSS, 0.00041 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/16 6:07 p.m., 25 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

0.00041 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/12/16 12:00 a.m., 2 views

FileMaker Server security vulnerability

FileMaker Server is an enterprise-class database server software from FileMaker, Inc. for managing and sharing FileMaker databases. A security vulnerability exists in FileMaker Server, which stems from the IIS short filename enumeration feature and could lead to information disclosure...

5.3 CVSS, 6.4 AI score, 0.00041 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/12/10 6:13 p.m., 1 views

CVE-2025-62572

Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally...

7.8 CVSS, 6.8 AI score, 0.00057 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/12/10 1:30 p.m., 20 views

CVE-2025-13127 XSS in TACAS Consulting's GoldenHorn

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS). This issue affects GoldenHorn: before 4.25.1121.1...

3.5 CVSS, 0.00024 EPSS
Exploits: 0, References: 1