CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

RedhatCVE•added 2026/02/23 7:26 a.m.•9 views

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

5.3CVSS5.5AI score0.00349EPSS

Exploits1References1

NVD•added 2026/02/21 10:16 a.m.•8 views

CVE-2026-27480

5.3CVSS0.00349EPSS

Exploits1References2

Vulnrichment•added 2026/02/21 9:14 a.m.•5 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

5.3CVSS5.5AI score0.00349EPSS

Exploits1References2

ATTACKERKB•added 2026/02/21 9:14 a.m.•4 views

CVE-2026-27480

5.3CVSS5.6AI score0.00349EPSS

Exploits1References3Affected Software1

OSV•added 2026/02/21 9:14 a.m.•7 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

5.3CVSS5.7AI score0.00349EPSS

Exploits1References4

CVE•added 2026/02/21 9:14 a.m.•10 views

CVE-2026-27480

CVE-2026-27480 affects Static Web Server (SWS) versions 2.1.0 through 2.40.1. The vulnerability is a timing-based username enumeration in Basic Authentication: the server checks whether a username exists before validating the password, causing valid usernames to take a slower path (e.g., bcrypt h...

5.3CVSS5.6AI score0.00349EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/02/21 9:14 a.m.•20 views

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

5.3CVSS0.00349EPSS

Exploits1References2

CNNVD•added 2026/02/21 12:0 a.m.•8 views

Static Web Server 安全漏洞

Static Web Server is a static web server developed by the German company Static Web Server. Versions 2.1.0 to 2.40.1 of Static Web Server contain security vulnerabilities. These vulnerabilities stem from time-based username enumeration in basic authentication, which may lead to brute-force attack...

5.3CVSS5.8AI score0.00349EPSS

Exploits1References2

RedhatCVE•added 2025/12/10 4:32 a.m.•7 views

CVE-2025-67487

Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

8.6CVSS6.8AI score0.00349EPSS

Exploits0References1

NVD•added 2025/12/09 4:18 p.m.•3 views

CVE-2025-67487

8.6CVSS0.00349EPSS

Exploits0References2

Vulnrichment•added 2025/12/09 3:35 a.m.•2 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

6.9CVSS6.3AI score0.00349EPSS

Exploits0References2

EUVD•added 2025/12/09 3:35 a.m.•3 views

EUVD-2025-201823

6.9CVSS6.2AI score0.00349EPSS

Exploits0References3

CVE•added 2025/12/09 3:35 a.m.•14 views

CVE-2025-67487

The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...

8.6CVSS6.3AI score0.00349EPSS

Exploits0References2Affected Software1

OSV•added 2025/12/09 3:35 a.m.•3 views

CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal

6.9CVSS6.7AI score0.00349EPSS

Exploits0References4

CNNVD•added 2025/12/09 12:0 a.m.•1 views

Static Web Server 安全漏洞

Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server version 2.40.0 and earlier, which stems from improper handling of symbolic links and could lead to a directory traversal attack...

8.6CVSS6.4AI score0.00349EPSS

Exploits0References2

Positive Technologies•added 2025/12/09 12:0 a.m.•3 views

PT-2025-49798

Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...

8.6CVSS6.6AI score0.00349EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-0399

Malware in sbrugna...

7.5CVSS7.6AI score0.02005EPSS

Exploits1References7

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-1781

Malicious code in bioql PyPI...

5.8CVSS6.5AI score0.00369EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 8:35 a.m.•5 views

CVE-2024-32966

Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...

5.8CVSS6.7AI score0.00369EPSS

Exploits0References1

Github Security Blog•added 2024/05/01 4:39 p.m.•23 views

static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names

Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code execution in the context of the web server’s domain. Details SWS generally does not perform escaping of HTML entities on any value...

5.8CVSS6.3AI score0.00369EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by