25 matches found
CVE-2026-8359
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...
CVE-2026-40701
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...
CVE-2026-33006
A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication. Mitigation: Mitigation for this issue is...
Tenda F456 Buffer Error Vulnerability
The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the improper handling of the page parameter in the frmL7ProtForm function of the goform/L7Prot component in the http...
[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44
NGINX module for Brotli compression...
EUVD-2026-21990
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30809
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...
CVE-2025-10685
CVE-2025-10685 describes a heap-based buffer overflow in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules. Affected versions are SW-PN up to 1.03 and SW-HT up to 1.42. The issue is functionally a buffer overflow in the webserver components, with high impact...
[SECURITY] Fedora 42 Update: nginx-mod-brotli-1.0.0~rc-6.fc42
NGINX module for Brotli compression...
[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-6.fc43
Nginx virtual host traffic status module...
TimeWorks vulnerable to path traversal
Overview: The web server module of TimeWorks provided by Keiyo System Co., LTD contains the following vulnerability. Path traversal (CWE-22) - CVE-2025-41428. Masamu Asato of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...
OESA-2025-1442 mod_auth_openidc security update
This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party (RP) to an OpenID Connect Provider (OP). Security Fixes: mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Par...
PT-2025-1197 · Unknown · Sante Pacs Server
Name of the Vulnerable Software and Affected Versions: Sante PACS Server (affected versions not specified). Description: This issue allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this issue. Th...
PT-2024-18089 · Unknown · Electrolink Fm/Dab/Tv Transmitter
Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter (affected versions not specified). Description: The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides ...
python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...
Siemens SICAM A8000 Web Server Module Improper Access Control (CVE-2021-46304)
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows activation of a web server module which provides...
Multiple F5 Products Buffer Error Vulnerability
F5 BIG-IP and others are products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features. F5 BIG-IQ is a software-based cloud management solution. F5 F5OS-A is an operati...
PYSEC-2022-254
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
Siemens SICAM A8000 CP-8000 Security Vulnerability
The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all energy supply areas. An authentication bypass vulnerability exists in the Siemens SICAM A8000 Web Server Module, which is caused by the component allowing the activation...
CVE-2022-30033
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status in the httpd module...