Lucene search
K
Civetweb ProjectCivetweb

4 matches found

CVE
CVE
added 2021/10/21 3:42 p.m.152 views

CVE-2020-27304

CVE-2020-27304 relates to CivetWeb’s form-based file upload handling: when running on non-Windows OS, uploaded file paths are not validated, enabling directory traversal if a web app uses user-controlled filename segments in output paths. Public sources in connected docs tie this to Siemens SCALA...

9.8CVSS9.3AI score0.03138EPSS
CVE
CVE
added 2025/08/29 12:0 a.m.61 views

CVE-2025-55763

CVE-2025-55763 describes a buffer overflow in CivetWeb’s URI parser (versions 1.14–1.16) that can be triggered by a crafted HTTP request, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service by corrupting heap memory during request processing. The connecte...

7.5CVSS8.3AI score0.01116EPSS
CVE
CVE
added 2018/06/22 7:0 p.m.44 views

CVE-2018-12684

CivetWeb up to version 1.10 contains an out-of-bounds read in the send_ssi_file function (civetweb.c) that allows an attacker to cause a Denial of Service or Information Disclosure via a crafted SSI file. The CVE description specifies affected software and root cause; no explicit exploit details ...

7.1CVSS6.5AI score0.01052EPSS
CVE
CVE
added 2026/04/21 2:22 p.m.24 views

CVE-2026-5789

CVE-2026-5789 affects CivetWeb v1.16. The root cause is an unquoted search path in the service configuration, allowing a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory scanned before the application path (e.g., C:\Program Files\C...

8.5CVSS6.1AI score0.00139EPSS