CVE Tools

embedthis

Networking Infrastructurecommercial

10

Cumulative CVEs

5

Monthly snapshots

#49

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting embedthis.

CVE-2023-53155goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.7.2Jul 25, 2025
CVE-2024-3187This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsin...5.9Oct 17, 2024
CVE-2024-3186CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a rem...5.3Oct 17, 2024
CVE-2024-3184Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for a...5.9Oct 17, 2024
CVE-2021-41615websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideli...9.8Aug 8, 2022
CVE-2021-33254An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.7.5Jun 1, 2022
CVE-2021-43298The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can...9.8Jan 25, 2022
CVE-2021-42342An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tun...9.8Oct 14, 2021
CVE-2020-15688The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via...8.8Jul 23, 2020
CVE-2020-15689Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and ca...7.5Jul 13, 2020
CVE-2019-5096An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specia...9.8Dec 3, 2019
CVE-2019-5097A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HT...7.5Dec 3, 2019
CVE-2019-19240Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can ...5.3Nov 22, 2019
CVE-2019-16645An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header s...8.6Sep 20, 2019
CVE-2019-12822In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a c...7.5Jun 14, 2019