Aggregates CVE and security vulnerability intelligence across all sergey_lyubka-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk input validation and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-4530 | Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI. | [email protected] | 5.0 | 0.23% | 2009-12-31 | 2026-04-23 |
| CVE-2009-1354 | Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | [email protected] | 4.0 | 3.28% | 2009-04-21 | 2026-04-23 |
| CVE-2007-6326 | Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | [email protected] | 5.0 | 6.40% | 2007-12-13 | 2026-04-23 |
| CVE-2007-3407 | Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). | [email protected] | 5.0 | 11.54% | 2007-06-26 | 2026-04-23 |
| CVE-2006-5216 | Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI. | [email protected] | 7.5 | 81.80% | 2006-10-10 | 2026-04-23 |