VYPR

Tinyweb

by Maximmasiutin

Source repositories

CVEs (6)

  • CVE-2026-29046Mar 6, 2026
    risk 0.00cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables (HTTP_*). The parser did not strictly reject dangerous control characters in header lines and header…

  • CVE-2026-28497Mar 6, 2026
    risk 0.00cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request…

  • CVE-2026-27633Feb 25, 2026
    risk 0.00cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large…

  • CVE-2026-27630Feb 25, 2026
    risk 0.00cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit…

  • CVE-2026-27613Feb 25, 2026
    risk 0.00cvss epss 0.01

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable…

  • CVE-2026-22781Jan 12, 2026
    risk 0.00cvss epss 0.02

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows…