Lucene search
K

48 matches found

CVE
CVE
added yesterday7 views

CVE-2026-46458

CVE-2026-46458 affects ICU Scandinavia Boomerang. An information-disclosure flaw allows an unauthenticated attacker to retrieve plaintext credentials by requesting specific XML files from the webroot over static HTTP. The root cause is exposure of sensitive credential files via static HTTP paths....

7.1CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/23 7:26 a.m.13 views

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.5AI score0.00349EPSS
Exploits1References1
NVD
NVD
added 2026/02/21 10:16 a.m.12 views

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS0.00349EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/21 9:14 a.m.6 views

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.6AI score0.00349EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/21 9:14 a.m.21 views

CVE-2026-27480

CVE-2026-27480 affects Static Web Server (SWS) versions 2.1.0 through 2.40.1. The vulnerability is a timing-based username enumeration in Basic Authentication: the server checks whether a username exists before validating the password, causing valid usernames to take a slower path (e.g., bcrypt h...

5.3CVSS5.6AI score0.00349EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/21 9:14 a.m.8 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.7AI score0.00349EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/21 9:14 a.m.24 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS0.00349EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/21 9:14 a.m.5 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.5AI score0.00349EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.12 views

Static Web Server 安全漏洞

Static Web Server is a static web server developed by the German company Static Web Server. Versions 2.1.0 to 2.40.1 of Static Web Server contain security vulnerabilities. These vulnerabilities stem from time-based username enumeration in basic authentication, which may lead to brute-force attack...

5.3CVSS5.8AI score0.00349EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/11 12:0 a.m.5 views

EUVD-2025-202709

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in...

7.3CVSS7.2AI score0.00105EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 4:32 a.m.9 views

CVE-2025-67487

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

8.6CVSS6.8AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.6 views

CVE-2025-67487

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

8.6CVSS0.00362EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 3:35 a.m.29 views

CVE-2025-67487

The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...

8.6CVSS6.3AI score0.00362EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/09 3:35 a.m.4 views

EUVD-2025-201823

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.2AI score0.00362EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 3:35 a.m.2 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.3AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 3:35 a.m.10 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

6.9CVSS6.7AI score0.00362EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-49798

Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...

8.6CVSS6.6AI score0.00362EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

Static Web Server 安全漏洞

Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server version 2.40.0 and earlier, which stems from improper handling of symbolic links and could lead to a directory traversal attack...

8.6CVSS6.4AI score0.00362EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0399

Malware in sbrugna...

7.5CVSS7.6AI score0.02005EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1781

Malicious code in bioql PyPI...

5.8CVSS6.5AI score0.00369EPSS
Exploits0References4
Rows per page
Query Builder