Lucene search
K

61645 matches found

Chainguard
Chainguard
added 4 days ago7 views

CVE-2026-54293 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.13-sdk, apache-beam-python-3.12-sdk, py3-nltk...

7.5CVSS6.1AI score0.00378EPSS
Exploits1
Chainguard
Chainguard
added 4 days ago5 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.13-sdk, apache-beam-python-3.12-sdk, py3-nltk...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 4 days ago3 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS7.9AI score0.01376EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS6.6AI score0.04409EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS7.1AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6.2AI score0.00485EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...

9.8CVSS7.2AI score0.11471EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 4 days ago6 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6.2AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5.8AI score0.00527EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago5 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.2.SP2)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.2.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

9.8CVSS6.6AI score0.00695EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 4 days ago4 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS7.9AI score0.01376EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS6.2AI score0.00485EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS7.1AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago3 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS6.1AI score0.0504EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS6.1AI score0.0504EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago6 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS6.1AI score0.21691EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 4 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS6.1AI score0.0504EPSS
Exploits1References5
Nuclei
Nuclei
added 4 days ago57 views

ListSERV Maestro <= 9.0-8 RCE

A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8. id: CVE-2010-1870 info: name: ListSERV Maestro = 9.0-8 RCE author: b0yd severity: medium description: A struts-based OGNL remote code execution vulnerability exists in ListSERV...

5CVSS7.5AI score0.91079EPSS
Exploits22References5
Rows per page
Query Builder