Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1884
This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an malicious user to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
NA
CVE_2021_38647
CVE-2021-38647 AKA "OMIGOD" A Zeek package which detects CVE-2021-38647 AKA OMIGOD exploit attempts. https://corelight.com/blog/detecting-cve-2021-38647-omigod https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure https://msrc.microsoft.com/update-guide/v...
1 Github repository
NA
CVE-2023-49785
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also wri...
NA
CVE-2024-26566
An issue in Cute Http File Server v.3.1 allows a remote malicious user to escalate privileges via the password verification component.
NA
CVE-2024-1624
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Compos...
1 Github repository
NA
CVE-2024-0403
Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.
NA
CVE-2024-1953
Mattermost versions 8.1.x prior to 8.1.9, 9.2.x prior to 9.2.5, 9.3.0, and 9.4.x prior to 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated malicious user to cause the server to run out of memory and crash by issuing an unusually large...
NA
CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing...
NA
CVE-2022-34357
IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to due to weak or absence of rate limiting. By making unlimited http requests, it is possible for a single user to exhaust server resources over a period of time making service un...
10
CVSSv3
CVE-2023-45318
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »