Lucene search
K

2964 matches found

Nuclei
Nuclei
added 8 hours ago57 views

Php-mod/curl Library <2.3.2 - Cross-Site Scripting

Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the postfilepathupload.php key parameter and the POST data to postmultidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other...

6.1CVSS6.5AI score0.01261EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday148 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago90 views

Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...

7.5CVSS7AI score0.90647EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 6:28 p.m.5 views

Moderate: Red Hat Security Advisory: mod_md security update

An update for modmd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.3CVSS7AI score0.00628EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 9:45 a.m.5 views

EUVD-2026-40059

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/modusers/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be...

5.3CVSS4.4AI score0.00443EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 9:30 a.m.5 views

EUVD-2026-40058

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...

7.5CVSS6.9AI score0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 9:30 a.m.32 views

CVE-2026-13555 itsourcecode Online Hotel Management System controller.php add sql injection

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...

7.5CVSS0.00412EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 8:45 a.m.5 views

EUVD-2026-40063

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...

7.5CVSS7AI score0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53243

Name of the Vulnerable Software and Affected Versions itsourcecode Online Hotel Management System version 1.0 Description A remote cross site scripting issue exists in the POST Request Handler component. The flaw occurs when the Name argument is manipulated within the '/admin/mod...

5.3CVSS5.4AI score0.00443EPSS
Exploits0References10
Fedora
Fedora
added 2026/06/27 12:56 a.m.4 views

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-11.fc43

Nginx virtual host traffic status module...

9.2CVSS7AI score0.03225EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.6 views

SUSE CVE-2026-53260

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

9.8CVSS5.8AI score0.00349EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

SUSE SLES16: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2026:22209-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22209-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957...

9.8CVSS7.2AI score0.4581EPSS
Exploits18References34
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53260

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

9.8CVSS0.00349EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53260

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

9.8CVSS5.7AI score0.00349EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 5:57 p.m.3 views

Security Bulletin:IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

9.8CVSS6.8AI score0.00488EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.13 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS6AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.6 views

httpd: mod_md: unrestricted OCSP response leads to resource exhaustion

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.5 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.9AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: mod_md: unrestricted OCSP response leads to resource exhaustion

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

9.8CVSS6AI score0.00805EPSS
Exploits0References24
Rows per page
Query Builder