Lucene search
+L

11698 matches found

OSV
OSV
added yesterday4 views

GHSA-8FV2-88GG-HM7Q Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Pod-network reachability to :18002 no auth - Tenant can create EnvoyExtensionPolicy baseline - Attacker pod floods GET while churning EnvoyExtensionPolicy with distinct Wasm URLs -...

5.3CVSS6.1AI score0.0004EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-45695

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References5Affected Software1
Nuclei
Nuclei
added yesterday184 views

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...

6.1CVSS6.7AI score0.73981EPSS
Exploits1References6
OSV
OSV
added 3 days ago4 views

DEBIAN-CVE-2026-49855

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks, allowing a malicious server accessed by SimpleAsyncHTTPClient or an...

7.5CVSS6.1AI score0.00691EPSS
Exploits0References1
Nuclei
Nuclei
added 6 days ago130 views

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1
NVD
NVD
added last week8 views

CVE-2026-55884

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can...

9.2CVSS0.00397EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.10 views

PT-2026-57321

Name of the Vulnerable Software and Affected Versions h2o versions prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1 Description When processing a QPACK instruction sent from a peer over HTTP/3, the server may allocate an on-stack buffer of approximately 800 KB using the alloca function in...

7.5CVSS6.1AI score0.00343EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/09 10:4 a.m.6 views

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak System

Summary Multiple vulnerabilities affect IBM Cloud Pak System. These vulnerabilties have been addressed with IBM Cloud Pak System 2.3.5.1. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption c...

8.3CVSS7.5AI score0.01744EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/08 7:33 p.m.4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/08 7:33 p.m.7 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...

9.8CVSS7.2AI score0.11471EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2026/07/08 7:33 p.m.3 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS7.9AI score0.01376EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/08 5:58 p.m.4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 9:11 p.m.6 views

CVE-2026-59153 Anki's local HTTP server does not sufficiently validate requests

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 12:5 p.m.5 views

RLSA-2026:34109 Important: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: incomplete fix for CVE-2023-38709 CVE-2024-42516 httpd: NULL pointer dereference via specially crafted request CVE-2026-29169 httpd: Apache HTTP Server: Heap-based Buffer...

7.7CVSS6AI score0.00805EPSS
Exploits0References8
OSV
OSV
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2811 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.CVE-2026-43951 Improper...

6.5CVSS5.9AI score0.00525EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/03 11:36 p.m.20 views

Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing...

9.8CVSS7AI score0.41611EPSS
Exploits1Affected Software2
OSV
OSV
added 2026/07/02 9:16 p.m.4 views

UBUNTU-CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

9.8CVSS6AI score0.00379EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.31 views

Apache HTTP Server - Remote Code Execution

Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in modproxyuwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests. id: CVE-2020-1198...

9.8CVSS7.7AI score0.90039EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/07/01 4:54 p.m.6 views

httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime

A flaw was found in Apache HTTP Server. An out-of-bounds read vulnerability exists when modheaders and modmime are used with multiple response languages. This could allow a remote attacker to disclose sensitive information from memory or cause a denial of service...

6.5CVSS5.7AI score0.00525EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/01 11:4 a.m.8 views

CVE-2026-48913

A flaw was found in the Apache HTTP Server's modhttp2 module. This vulnerability, known as a Use After Free, occurs when the server's file handles are exhausted. An attacker could potentially exploit this to cause a denial of service or, in some cases, execute arbitrary code, leading to system...

7.3CVSS6AI score0.00479EPSS
Exploits0References4
Rows per page
Query Builder