CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32111
https://notcve.org/view.php?id=CVE-2025-32111
04 Apr 2025 — The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout. La imagen de Docker de acme.sh anterior a 40b6db6 se basa en un archivo .github/workflows/dockerhub.yml que carece de "persist-credentials: false" para acciones/pago. • https://github.com/acmesh-official/acme.sh/commit/40b6db6a2715628aa977ed1853fe5256704010ae • CWE-260: Password in Configuration File •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31540 – WordPress ACME Divi Modules plugin <= 1.3.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31540
31 Mar 2025 — Missing Authorization vulnerability in acmemediakits ACME Divi Modules allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACME Divi Modules: from n/a through 1.3.5. The ACME Divi Modules plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/acme-divi-modules/vulnerability/wordpress-acme-divi-modules-plugin-1-3-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2024-0263 – ACME Ultra Mini HTTPd HTTP GET Request denial of service
https://notcve.org/view.php?id=CVE-2024-0263
07 Jan 2024 — A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. • https://0day.today/exploit/description/39212 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47793 – WordPress Acme Fix Images plugin <= 1.0.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47793
15 Nov 2023 — Missing Authorization vulnerability in acmethemes Acme Fix Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a through 1.0.0. The Acme Fix Images plugin for WordPress is vulnerable to unauthorized access to the acme_fix_images_ajax_callback function in versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to resize images. • https://patchstack.com/database/wordpress/plugin/acme-fix-images/vulnerability/wordpress-acme-fix-images-plugin-1-0-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38198
https://notcve.org/view.php?id=CVE-2023-38198
13 Jul 2023 — acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. • http://www.openwall.com/lists/oss-security/2023/07/13/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0158
https://notcve.org/view.php?id=CVE-2007-0158
27 Dec 2019 — thttpd 2007 has buffer underflow. thttpd versión 2007, tiene un desbordamiento de búfer. • http://taviso.decsystem.org/research.t2t • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5640
https://notcve.org/view.php?id=CVE-2012-5640
25 Nov 2019 — thttpd has a local DoS vulnerability via specially-crafted .htpasswd files thttpd, presenta una vulnerabilidad de tipo DoS local por medio de archivos .htpasswd especialmente diseñados. • http://www.openwall.com/lists/oss-security/2012/12/15/1 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 92%CPEs: 1EXPL: 2CVE-2018-18778
https://notcve.org/view.php?id=CVE-2018-18778
29 Oct 2018 — ACME mini_httpd before 1.30 lets remote users read arbitrary files. ACME mini_httpd en versiones anteriores a la 1.30 permite que usuarios remotos lean archivos arbitrarios. • https://github.com/auk0x01/CVE-2018-18778-Scanner • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17663
https://notcve.org/view.php?id=CVE-2017-17663
06 Feb 2018 — The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. La implementación htpasswd de mini_httpd, en versiones anteriores a la v1.28 y de thttpd, en versiones anteriores a la v2.28, se ha visto afectada por un desbordamiento de búfer que podría ser explotado de forma remota para ejecutar código. • http://acme.com/updates/archive/199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1548
https://notcve.org/view.php?id=CVE-2015-1548
10 Feb 2015 — mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. mini_httpd 1.21 y anteriores permite a atacantes remotos obtener información sensible de la memoria de procesos a través de una solicitud HTTP con una cadena de protocolo largo, lo que provoca un cálculo del tamaño de respuesta incorrecta y una lectura fuera de rango. • http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •