VYPR

Small HTTP

by Smallsrv

CVEs (2)

  • CVE-2025-41359Mar 26, 2026
    risk 0.00cvss epss 0.00

    Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name…

  • CVE-2025-41368Mar 26, 2026
    risk 0.00cvss epss 0.01

    Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured…