Civetweb
This hub aggregates every CVE we track for Civetweb, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
HIGH3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
2024-082026-07
Latest CVEs
The 4 most recently published vulnerabilities affecting Civetweb.
- CVE-2026-5789Search path without quotes in CivetWeb7.8
- CVE-2020-27304The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request...9.8
- CVE-2019-3821A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exha...7.5
- CVE-2018-12684Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.7.1
Product normalization is registry-driven with AI assist and human review. How it works