846 matches found
MiracleLinux 7 : rh-nodejs14-nodejs-14.21.3-5.el7 (AXSA:2024-7339:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7339:01 advisory. rh-nodejs14-nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 Tenable has extracted the...
CVE-2021-47795
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access...
CVE-2023-25289
Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request...
CVE-2001-1510
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server JWS, and possibly other web servers allows remote attackers to read arbitrary files and directories by appending 1 "%3f.jsp", 2 "?.jsp" or 3 "?" to the requested URL...
CVE-2021-33820
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service...
CVE-2022-0130
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable....
PT-2026-2207
CVE-2026-22577 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-22577 Published : Jan. 8, 2026, 4:15 a.m. | 4 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...
httpd: Apache HTTP Server: CGI environment variable override
A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...
CVE-2025-67073
The CVE-2025-67073 entry describes a buffer overflow in the httpd binary of Tenda AC10V4.0 (v16.03.10.20) in the function fromAdvSetMacMtuWan. A crafted POST payload targeting the field serviceName to /goform/AdvSetMacMtuWan can cause a denial of service and potentially code execution. Public sou...
PT-2025-51158
Name of the Vulnerable Software and Affected Versions Tenda AC20 version 16.03.08.12 Description A stack-based buffer overflow exists in the formSetPPTPUserList function within the httpd component. This issue is triggered by manipulating the argument list. The attack can be executed remotely. The...
CVE-2024-58306
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption...
CVE-2025-26487
CVE-2025-26487 describes a Server-Side Request Forgery (SSRF) in Infinera MTC-9 web server. Affected component: Infinera MTC-9; root cause and exact affected versions are not detailed in the provided documents. Impact: remote unauthenticated users can access other network resources by sending HTT...
UBUNTU-CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
CVE-2025-12097 Relative Path Traversal Vulnerability in NI System Web Server
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files. This vulnerability...
EUVD-2025-198155
The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...
CVE-2025-8727
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability...
EUVD-2025-197903
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50ABVY.6.3C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service DoS attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt...
EUVD-2025-175339
A stack-based buffer overflow exists in the getmergeipaddr function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to four user-supplied CGI parameters matching 03 into a fixed-size buffer a2 without bounds checking. Remote attacke...
CVE-2025-60691
The CVE-2025-60691 entry describes a stack-based buffer overflow in Linksys E1200 v2 routers (httpd: apply_cgi and block_cgi) where user input from the url parameter is copied into small stack buffers with sprintf without bounds checking. This can allow remote code execution or denial of service ...
Linksys E1200 安全漏洞
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...