Web server

This hub aggregates every CVE we track for Web server, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Web server.

• CVE-2018-25235NetworkActiv Web Server 4.0 Username Field Buffer Overflow DoS6.2Mar 30, 2026
• CVE-2025-3928Commvault Web Server unspecified vulnerabilityKEV8.8Apr 25, 2025
• CVE-2022-31805Insecure transmission of credentials7.5Jun 24, 2022
• CVE-2022-25322ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.9.8Feb 18, 2022
• CVE-2022-25323ZEROF Web Server 2.0 allows /admin.back XSS.6.1Feb 18, 2022
• CVE-2021-30175ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page.9.8Apr 13, 2021
• CVE-2020-7222An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result...5.3Jan 17, 2020
• CVE-2017-16934The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this p...9.8Nov 24, 2017
• CVE-2017-6025A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizat...9.8May 19, 2017
• CVE-2017-6027An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualiza...9.8May 19, 2017
• CVE-2008-4533Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.4.3Oct 10, 2008
• CVE-2007-5810Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via...5.0Nov 5, 2007
• CVE-2007-5809Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspec...4.3Nov 5, 2007
• CVE-2007-4529The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that exte...8.5Aug 25, 2007
• CVE-2007-4530Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak Server 2.0.20.1 allow remote attackers to inject arbitrary web script or HTML via (1) the error_text parameter to error_box.html or ...4.3Aug 25, 2007