Lucene search
K

1206 matches found

OSV
OSV
added 2026/06/02 12:0 a.m.10 views

ALSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2026/06/02 12:0 a.m.37 views

Apache httpd -- DoS exploit in HTTP/2

Calif security reports: Remote DoS in modhttp2...

7.5CVSS5.8AI score0.11471EPSS
Exploits8References1
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload- pack, git-receive-pack, and other git operations allows...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/30 6:42 a.m.165 views

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

9.8CVSS5.8AI score0.09461EPSS
Exploits7
Ubuntu
Ubuntu
added 2026/05/29 10:47 a.m.18 views

USN-8338-2: Apache HTTP Server regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/29 10:47 a.m.13 views

USN-8338-2 apache2 regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/27 9:13 p.m.20 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS5.8AI score0.00485EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44748

CVE-2026-8680 - Apache HTTP Server Remote Code Execution CVE ID :CVE-2026-8680 Published : May 26, 2026, 11:16 p.m. | 54 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.22 views

PT-2026-43619

Name of the Vulnerable Software and Affected Versions protobufjs affected versions not specified Description An issue exists where the software could recurse without a depth limit during the conversion of decoded messages to plain objects or JSON. This specifically affects the generated toObject...

7.5CVSS5.9AI score0.00324EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 9:51 a.m.11 views

OPENSUSE-SU-2026:20810-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

9.1CVSS7.1AI score0.04409EPSS
Exploits2References12
OSV
OSV
added 2026/05/26 9:46 a.m.4 views

SUSE-SU-2026:21846-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

9.1CVSS7AI score0.04409EPSS
Exploits2References13
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-44505

CVE-2026-43919 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID :CVE-2026-43919 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of...

5.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-44501

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A Server-Side Template Injection SSTI issue exists in the template rendering system. Administrators with access to features that render Twig templates—such as email templates, mass mail campaigns...

9.4CVSS6.2AI score0.01892EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-44504

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Authenticated sessions for client, staff, or admin accounts are not invalidated when the account is suspended or marked inactive. The session identity loaders in src/di.php loggedin client and...

8.7CVSS6AI score0.00235EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch, especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...

9.1CVSS7AI score0.05729EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Apache2

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS6.6AI score0.03914EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Apache2

If the Apache HTTP Server 2.4.53 is configured to perform transformations using modsed, especially in contexts where the input to modsed can be very large, modsed may cause excessive memory allocation and trigger an abort...

7.5CVSS7.5AI score0.90407EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

7.5CVSS7AI score0.19008EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Apache2

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody0 may cause a denial of service due to the lack of a default limit on the possible input size...

7.5CVSS7.2AI score0.05678EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, can lead to exposure of local content in the source code...

6.2CVSS6.5AI score0.00889EPSS
Exploits0References2
Rows per page
Query Builder