Lucene search
+L

1623 matches found

nuclei
nuclei
added 5 hours ago142 views

AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure

AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldavpublicuser@localhost” and it’s the predefined password “caldavpublicuser” allows the attacker to read all fil...

7.5CVSS7AI score0.16899EPSS
Exploits2References5
nuclei
nuclei
added 5 hours ago43 views

NextChat - Server-Side Request Forgery

NextChat v2.12.3 suffers from a Server-Side Request Forgery SSRF and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint. id: CVE-2024-38514 info: name: NextChat - Server-Side Request Forgery author: DhiyaneshDk severity: high description...

7.4CVSS6.1AI score0.02186EPSS
Exploits0References4
nvd
nvd
added yesterday6 views

CVE-2026-54563

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS
Exploits0References1
cve
cve
added yesterday9 views

CVE-2026-54560

CVE-2026-54560 affects Cloudreve prior to version 4.16.1, where OAuth access tokens could be issued without the OAuth client_id claim. The missing client_id causes the JWT verifier to not load token scopes into the request context, making RequiredScopes treat the request as unscoped session authe...

7.6CVSS6.1AI score
Exploits0References3
euvd
euvd
added yesterday6 views

EUVD-2026-44688

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added yesterday28 views

CVE-2026-54563 Cloudreve: Path Traversal / Broken Access Control in Cloudreve WebDAV (`/dav`) — scoped DAV credential escapes its configured account root

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS
Exploits0References1
cve
cve
added yesterday9 views

CVE-2026-54563

Cloudreve CVE-2026-54563 describes a path traversal / broken access control in the WebDAV interface under /dav. Before version 4.16.1, a WebDAV account rooted at a configured folder could send paths like /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request...

7.1CVSS6.1AI score
Exploits0References1
fedora
fedora
added 2026/07/05 1:10 a.m.14 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.7CVSS7.1AI score0.01041EPSS
Exploits8
osv
osv
added 2026/07/01 9:56 p.m.3 views

GHSA-3WHC-QVHV-XQJP goshs: WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags

WebDAV listener ignores --read-only, --upload-only, and --no-delete mode flags Ecosystem: Go Package: goshs.de/goshs/v2 github.com/patrickhener/goshs Affected: /tmp/r/x.txt goshs -p 18000 -wp 18001 -w -ro -d /tmp/r -b admin:pw & curl -u admin:pw -X PUT http://localhost:18000/y.txt --data x 403 HT...

8.1CVSS5.8AI score
Exploits0References2
redhat
redhat
added 2026/07/01 9:31 a.m.5 views

httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue

A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

9.1CVSS5.8AI score0.00538EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.13 views

PT-2026-54775

Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.10 Description When the WebDAV listener is enabled using the -w flag, the software fails to enforce mode-restriction flags on the WebDAV port. While the primary HTTP port correctly respects the --read-only,...

8.1CVSS6AI score
Exploits0References5
osv
osv
added 2026/06/29 9:45 a.m.3 views

SUSE-SU-2026:2675-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS5.9AI score0.01339EPSS
Exploits2References15
nessus
nessus
added 2026/06/22 12:0 a.m.7 views

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

9.8CVSS6AI score0.00805EPSS
Exploits0References24
osv
osv
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22195-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
osv
osv
added 2026/06/20 6:56 a.m.2 views

SUSE-SU-2026:22197-1 Security update for tomcat10

This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References15
osv
osv
added 2026/06/20 6:53 a.m.4 views

OPENSUSE-SU-2026:21121-1 Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165....

9.8CVSS6.7AI score0.01339EPSS
Exploits2References14
ubuntu
ubuntu
added 2026/06/18 3:56 p.m.22 views

USN-8450-1: Tomcat vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validat...

9.8CVSS8.1AI score0.01339EPSS
Exploits1
fedora
fedora
added 2026/06/17 8:44 a.m.10 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.5-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.1CVSS5.3AI score0.00392EPSS
Exploits0
fedora
fedora
added 2026/06/17 8:26 a.m.10 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.5-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

8.1CVSS5.3AI score0.00392EPSS
Exploits0
nuclei
nuclei
added 2026/06/16 7:13 a.m.351 views

Windows Server 2003 & IIS 6.0 - Remote Code Execution

Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If http://" in a PROPFIND...

10CVSS9.5AI score0.99823EPSS
Exploits39References5
Rows per page
Query Builder