| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4132 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters | zinoui | HTTP Headers | High | 7.2 | 2026-04-22 07:45:41 | Deep Dive |
| CVE-2026-2717 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values | zinoui | HTTP Headers | Medium | 5.5 | 2026-04-22 07:45:37 | Deep Dive |
| CVE-2026-1379 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting | zinoui | HTTP Headers | Medium | 4.4 | 2026-04-22 07:45:30 | Deep Dive |
| CVE-2026-34291 | Oracle HTTP Server security vulnerability | Oracle Corporation | Oracle HTTP Server | High | 8.7 | 2026-04-21 20:35:26 | Deep Dive |
| CVE-2025-13826 | Incorrect input validation on the Zervit portable HTTP/Web server | Zervit | portable HTTP/Web server | - | - | 2026-04-21 08:19:58 | Deep Dive |
| CVE-2026-40490 | AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects | AsyncHttpClient | async-http-client | Medium | 6.8 | 2026-04-18 01:31:14 | Deep Dive |
| CVE-2026-40255 | @adonisjs/http-server has an Open Redirect vulnerability | adonisjs | http-server | Medium | 6.1 | 2026-04-16 22:25:38 | Deep Dive |
| CVE-2026-33805 | @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers | @fastify/reply-from | @fastify/reply-from | Medium | - | 2026-04-15 10:13:25 | Deep Dive |
| CVE-2026-3256 | HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids | KTAT | HTTP::Session | Medium | - | 2026-03-28 18:52:40 | Deep Dive |
| CVE-2025-41359 | Multiple vulnerabilities in Small HTTP server by Smallsrv | Smallsrv | Small HTTP | High | - | 2026-03-26 12:20:04 | Deep Dive |
| CVE-2025-41368 | Multiple vulnerabilities in Small HTTP server by Smallsrv | Smallsrv | Small HTTP | High | - | 2026-03-26 11:37:53 | Deep Dive |
| CVE-2025-69219 | Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator | Apache Software Foundation | Apache Airflow Providers Http | - | - | 2026-03-09 10:19:58 | Deep Dive |
| CVE-2018-25160 | HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend | TOKUHIROM | HTTP::Session2 | Medium | - | 2026-02-27 20:15:31 | Deep Dive |
| CVE-2026-3255 | HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function | TOKUHIROM | HTTP::Session2 | Medium | - | 2026-02-27 20:12:35 | Deep Dive |
| CVE-2019-25352 | Genivia Crystal Live HTTP Server 6.01 - 'Crystal Live HTTP Server' Path Traversal | Genivia Inc. | Crystal Live HTTP Server | High | 7.5 | 2026-02-18 21:54:58 | Deep Dive |
| CVE-2026-2629 | jishi node-sonos-http-api TTS Provider mac-os.js Promise os command injection | jishi | node-sonos-http-api | High | 7.3 | 2026-02-17 22:02:07 | Deep Dive |
| CVE-2020-37056 | Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass | Crystal Shard | http-protection | Critical | 9.8 | 2026-01-30 22:07:20 | Deep Dive |
| CVE-2025-14840 | HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126 | Drupal | HTTP Client Manager | - | - | 2026-01-28 20:03:22 | Deep Dive |
| CVE-2026-24469 | C++ HTTP Server has Critical Path Traversal Vulnerability in RequestHandler Allowing Arbitrary File Read | frustratedProton | http-server | High | 7.5 | 2026-01-24 01:50:24 | Deep Dive |
| CVE-2026-21962 | Oracle Fusion Middleware security vulnerability | Oracle Corporation | Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in | Critical | 10.0 | 2026-01-20 21:56:33 | Deep Dive |