本页列出影响 smallsrv small_http_server 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-41359 | Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority directory, causing the service to execute the malicious file instead of the legitimate one. Exploiting this flaw could allow arbitrary code execution, unauthorized access to the system, or service dis | [email protected] | 8.5 | 0.15% | 2026-03-26 | 2026-06-17 |
| CVE-2025-41368 | Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server. | [email protected] | 8.7 | 0.61% | 2026-03-26 | 2026-06-17 |
| CVE-2022-28994 | Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. | [email protected] | 9.8 | 2.18% | 2022-04-29 | 2026-06-17 |