26 matches found

NVD
added 2026/06/15 1:16 a.m., 12 views

CVE-2026-12200

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVSS 7.5 | EPSS 0.00324
Exploits: 0 | References: 5

CVE
added 2026/06/15 12:15 a.m., 11 views

CVE-2026-12200

Ritlabs TinyWeb Server (Windows, up to v1.94) is affected by a stack-based buffer overflow in the Header Handler’s libeay32.dll.html component. The vulnerability is triggered by manipulating the Authorization argument, allowing remote exploitation. An exploit has been disclosed publicly, and the ...

CVSS 7.5 | AI score 8 | EPSS 0.00324
Exploits: 0 | References: 5

EUVD
added 2026/06/15 12:15 a.m., 7 views

EUVD-2026-36675

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVSS 7.5 | AI score 8 | EPSS 0.00324
Exploits: 0 | References: 5

Cvelist
added 2026/06/15 12:15 a.m., 32 views

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVSS 7.5 | EPSS 0.00324
Exploits: 0 | References: 5

Vulnrichment
added 2026/06/15 12:15 a.m., 5 views

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVSS 7.5 | AI score 7.9 | EPSS 0.00324
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/15 12:0 a.m., 6 views

PT-2026-49150

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVSS 7.5 | AI score 6 | EPSS 0.00324
Exploits: 0 | References: 6

EUVD
added 2026/03/06 2:54 a.m., 6 views

EUVD-2026-9972

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

CVSS 9.2 | AI score 6 | EPSS 0.00387
Exploits: 1 | References: 2

Cvelist
added 2026/03/06 2:51 a.m., 31 views

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...

CVSS 9.3 | EPSS 0.00467
Exploits: 1 | References: 2

EUVD
added 2026/02/25 11:7 p.m., 6 views

EUVD-2026-8765

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

CVSS 8.7 | AI score 5.7 | EPSS 0.00436
Exploits: 0 | References: 3

Cvelist
added 2026/02/25 10:58 p.m., 25 views

CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVSS 10 | EPSS 0.00748
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/25 12:0 a.m., 6 views

PT-2026-22039

Name of the Vulnerable Software and Affected Versions: TinyWeb versions prior to 2.02. Description: TinyWeb is a web server written in Delphi for Win32. Versions prior to 2.02 are susceptible to a Denial of Service (DoS) condition caused by memory exhaustion. An unauthenticated remote attacker can sen...

CVSS 8.7 | AI score 6 | EPSS 0.00436
Exploits: 0 | References: 11

NVD
added 2026/01/12 7:16 p.m., 5 views

CVE-2026-22781

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...

CVSS 10 | EPSS 0.02174
Exploits: 0 | References: 3

CNNVD
added 2026/01/12 12:0 a.m., 4 views

TinyWeb Server operating system command injection vulnerability

TinyWeb Server is a web server by Maxim Masiutin, an individual developer. An operating system command injection vulnerability exists in versions of TinyWeb Server prior to 1.98, which stems from passing commands via CGI ISINDEX style query parameters, which could lead to an OS command injection...

CVSS 10 | AI score 7.3 | EPSS 0.02174
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-46436

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 5.6 | EPSS 0.00669
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/23 8:28 a.m., 5 views

CVE-2024-5193

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 | AI score 5.8 | EPSS 0.00669
Exploits: 1 | References: 1

NVD
added 2024/05/22 11:15 a.m., 6 views

CVE-2024-5193

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 | AI score 5.7 | EPSS 0.00669
Exploits: 1 | References: 7

OSV
added 2024/05/22 11:15 a.m., 3 views

CVE-2024-5193

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 | AI score 6 | EPSS 0.00669
Exploits: 1 | References: 7

Vulnrichment
added 2024/05/22 10:31 a.m., 19 views

CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 | AI score 5.7 | EPSS 0.00669
Exploits: 1 | References: 7

Cvelist
added 2024/05/22 10:31 a.m., 16 views

CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection

A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 6.9 | AI score 5.7 | EPSS 0.00669
Exploits: 1 | References: 7

CVE
added 2024/05/22 10:31 a.m., 49 views

CVE-2024-5193

CVE-2024-5193 affects Ritlabs TinyWeb Server 1.94. The vulnerability arises in the Request Handler where crafting input containing %0D%0A enables CRLF injection. It can be exploited remotely, and public disclosures exist. Upgrading to TinyWeb Server 1.99 mitigates the issue; the patch identifier ...

CVSS 6.9 | AI score 5.7 | EPSS 0.00669
Exploits: 1 | References: 7 | Affected Software: 1