本ページは smallsrv small_http_server に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-41359 | Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority directory, causing the service to execute the malicious file instead of the legitimate one. Exploiting this flaw could allow arbitrary code execution, unauthorized access to the system, or service dis | [email protected] | 8.5 | 0.02% | 2026-03-26 | 2026-03-26 |
| CVE-2025-41368 | Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server. | [email protected] | 8.7 | 0.02% | 2026-03-26 | 2026-03-26 |
| CVE-2022-28994 | Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | [email protected] | 9.8 | 0.95% | 2022-04-29 | 2024-11-21 |