
37 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 5 views

Astra Linux – Vulnerability in Apache2

A carefully crafted request uri-path can cause mod_proxy_uwsgi to exceed the allocated memory and result in a crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

7.5 CVSS · 7.2 AI score · 0.62887 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/05/07 12:0 a.m. · 15 views

PT-2026-38462

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3 CVSS · 5.8 AI score · 0.00628 EPSS
Exploits 0 · References 4

OSV
added 2026/05/05 2:16 p.m. · 6 views

DEBIAN-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3 CVSS · 5.8 AI score · 0.00628 EPSS
Exploits 0 · References 1

OSV
added 2026/05/05 2:16 p.m. · 4 views

ALPINE-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3 CVSS · 5.8 AI score · 0.00628 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/05/05 1:10 p.m. · 9 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3 CVSS · 5.8 AI score · 0.00628 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2026/05/05 1:10 p.m. · 9 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3 CVSS · 5.8 AI score · 0.00628 EPSS
Exploits 0

NVD
added 2026/03/31 8:16 p.m. · 6 views

CVE-2026-34203

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting which defaults to an empty list, i.e., no specific...

4.3 CVSS · 0.00245 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2026/03/31 7:27 p.m. · 4 views

CVE-2026-34203

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting which defaults to an empty list, i.e., no specific...

2.7 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 6 · Affected Software 1

CNVD
added 2025/12/10 12:0 a.m. · 105 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-30837)

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.30 through 2.4.66 and earlier, which can be exploited by an...

7.5 CVSS · 6.8 AI score · 0.00402 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/12/08 10:51 p.m. · 2 views

CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

7.5 CVSS · 6.7 AI score · 0.00402 EPSS
Exploits 0 · References 4

OSV
added 2025/12/05 11:15 a.m. · 5 views

AZL-71863 CVE-2025-55753 affecting package httpd for versions less than 2.4.66-1

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

7.5 CVSS · 7.1 AI score · 0.00402 EPSS
Exploits 0 · References 1

OSV
added 2025/12/05 11:15 a.m. · 3 views

ALPINE-CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

7.5 CVSS · 7.1 AI score · 0.00402 EPSS
Exploits 0 · References 1

OpenVAS
added 2025/12/04 12:0 a.m. · 6 views

Apache HTTP Server 2.4.30 - 2.4.65 Integer Overflow Vulnerability - Windows

Apache HTTP Server is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

7.5 CVSS · 6.8 AI score · 0.00402 EPSS
Exploits 0 · References 2

OpenVAS
added 2025/12/04 12:0 a.m. · 2 views

Apache HTTP Server 2.4.30 - 2.4.65 Integer Overflow Vulnerability - Linux

Apache HTTP Server is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

7.5 CVSS · 6.8 AI score · 0.00402 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2024/08/23 9:15 a.m. · 2 views

CVE-2024-5502

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied...

6.4 CVSS · 6.1 AI score · 0.00303 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/08/23 12:0 a.m. · 7 views

PT-2024-36461 · WordPress · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions 1.0 through 2.4.30
Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and...

6.4 CVSS · 5.9 AI score · 0.00303 EPSS
Exploits 0 · References 17

WPVulnDB
added 2024/01/05 12:0 a.m. · 17 views

Brizy < 2.4.30 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5 CVSS · 6.1 AI score · 0.00321 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2023/12/26 12:0 a.m. · 14 views

WordPress Brizy Plugin <= 2.4.29 is vulnerable to Cross Site Scripting (XSS)

Software: Brizy · Type: Plugin · Vulnerable versions: <= 2.4.29 · Fixed in: 2.4.30 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-51396 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: a61ae26c3500 · Credits: emad · Required privilege: Contributor · Published ...

6.5 CVSS · 6.6 AI score · 0.00321 EPSS
Exploits 0 · References 2 · Affected Software 1

SUSE CVE
added 2023/03/09 3:52 a.m. · 4 views

SUSE CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

5.9 CVSS · 8.6 AI score · 0.02134 EPSS
Exploits 0 · References 9

OpenVAS
added 2023/03/08 12:0 a.m. · 31 views

Apache HTTP Server 2.4.30 - 2.4.55 HTTP Request Smuggling Vulnerability - Linux

Apache HTTP Server is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

7.5 CVSS · 8.8 AI score · 0.02134 EPSS
Exploits 0 · References 1