
19028 matches found

CVE
added 2026/04/06 9:38 p.m. | 12 views

CVE-2026-35471

goshs (Go SimpleHTTPServer) contains a path-traversal vulnerability in deleteFile() where a missing return after the traversal check allowed deletion of files outside the webroot. This is fixed in version 2.0.0-beta.3; upgrading to 2.0.0-beta.3 or newer is recommended. OpenSUSE and Red Hat advis...

9.8 CVSS | 7.2 AI score | 0.00683 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

EUVD
added 2026/04/06 8:50 p.m. | 8 views

EUVD-2026-19490

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3...

9.8 CVSS | 7.3 AI score | 0.00683 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/04/06 8:48 p.m. | 20 views

CVE-2026-35392 goshs has an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...

9.8 CVSS | 0.00683 EPSS
Exploits: 1 | References: 1

NVD
added 2026/04/05 8:16 a.m. | 2 views

CVE-2026-5548

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

9 CVSS | 0.00571 EPSS
Exploits: 0 | References: 5

NVD
added 2026/04/05 8:16 a.m. | 3 views

CVE-2026-5547

A vulnerability has been found in Tenda AC10 16.03.10.10multiTDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected...

8.8 CVSS | 0.01908 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/05 7:15 a.m. | 3 views

CVE-2026-5547 Tenda AC10 httpd formAddMacfilterRule os command injection

A vulnerability has been found in Tenda AC10 16.03.10.10multiTDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected...

6.5 CVSS | 6.3 AI score | 0.01908 EPSS
Exploits: 0 | References: 5

EUVD
added 2026/04/05 12:30 a.m. | 4 views

EUVD-2026-19001

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...

7.5 CVSS | 6.7 AI score | 0.00362 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2026/04/03 11:25 p.m. | 4 views

SUSE CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3 CVSS | 5.7 AI score | 0.0043 EPSS
Exploits: 0 | References: 6

SUSE CVE
added 2026/04/03 11:24 p.m. | 6 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, *, or ., the prefix...

5.3 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/03 9:58 p.m. | 7 views

goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Summary deleteFile missing return after path traversal check | httpserver/handler.go:645-671 The finding affects the default configuration, no flags or authentication required. Details File: httpserver/handler.go:645-671 Trigger: GET /?delete handler.go:157-160 dispatches to deleteFile The functi...

9.8 CVSS | 6.1 AI score | 0.00683 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/04/02 9:32 p.m. | 3 views

EUVD-2023-60547

HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative acce...

8.5 CVSS | 5.9 AI score | 0.00142 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/02 9:32 p.m. | 2 views

EUVD-2023-60544

HiSecOS web server contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative acce...

8.8 CVSS | 5.9 AI score | 0.00265 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/04/02 8:36 p.m. | 2 views

EUVD-2026-18478

Rack::Request accepts invalid Host characters, enabling host allowlist bypass...

4.8 CVSS | 5.8 AI score | 0.00192 EPSS
Exploits: 1 | References: 2

NVD
added 2026/04/02 8:16 p.m. | 5 views

CVE-2023-7343

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

8.5 CVSS | 0.00142 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/04/02 7:56 p.m. | 15 views

CVE-2023-7343 Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

8.5 CVSS | 0.00142 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/02 7:56 p.m. | 1 view

CVE-2023-7343

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

8.5 CVSS | 6.4 AI score | 0.00142 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/04/02 7:56 p.m. | 11 views

CVE-2023-7343

The CVE-2023-7343 entry concerns the HiSecOS web server where an authenticated operator/auditor can escalate to administrator by sending specially crafted packets. The core issue is a privilege-escalation vulnerability that can grant full administrative access to the affected device. The provided...

8.5 CVSS | 5.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/02 7:56 p.m. | 2 views

CVE-2023-7343 Belden Industrial HiVision Arbitrary Code Execution via Malicious Project File

Hirschmann Industrial HiVision versions 05.0.00 through 08.3.01 prior to 08.3.02 contain an arbitrary code execution vulnerability triggered when an administrator opens a maliciously crafted project file. Successful exploitation allows the attacker to execute code in the context of the HiVision...

8.5 CVSS | 6.4 AI score | 0.00142 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/02 7:16 p.m. | 3 views

CVE-2023-7342

HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this fla...

8.8 CVSS | 0.00265 EPSS
Exploits: 0 | References: 2

Metasploit
added 2026/04/02 7:2 p.m. | 219 views

HTTPS Fetch

Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellbindtcp msf payloadpowershellbindtcp show actions ...actions... msf payloadpowershellbindtcp set ACTION msf payloadpowershellbindtcp show options ...show and set options... msf...

5.5 AI score
Exploits: 0