
622 matches found

Positive Technologies
added 2 days ago | 7 views

PT-2026-49179

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6 CVSS | 5.8 AI score | 0.00371 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2026/06/05 7:24 p.m. | 6 views

CVE-2026-8852

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

7.5 CVSS | 5.4 AI score | 0.00197 EPSS
Exploits: 0 | References: 1
OSV
added 2026/06/01 12:0 p.m. | 8 views

RLSA-2026:22305 Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

7.5 CVSS | 5.9 AI score | 0.0045 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2026/06/01 3:37 a.m. | 9 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8 CVSS | 6.1 AI score | 0.0021 EPSS
Exploits: 1 | References: 5
OSV
added 2026/06/01 12:0 a.m. | 7 views

ALSA-2026:22143 Important: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258); PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation...

8.8 CVSS | 5.9 AI score | 0.0045 EPSS
Exploits: 1 | References: 10
NVD
added 2026/05/26 5:16 p.m. | 8 views

CVE-2026-8852

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

7.5 CVSS | 0.00197 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/26 4:56 p.m. | 31 views

CVE-2026-8852 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

6.2 CVSS | 0.00197 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/26 4:56 p.m. | 9 views

CVE-2026-8852

IBM HTTP Server (8.5 and 9.0) is affected by CVE-2026-8852, with denial of service via the optional mod_fastcgi module. The IBM bulletin confirms this alongside other IBM HTTP Server CVEs and provides remediation guidance: upgrade to the minimal fix pack level and apply the interim fix PH71265, o...

7.5 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/05/26 4:56 p.m. | 5 views

CVE-2026-8852

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

6.2 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/26 4:56 p.m. | 7 views

CVE-2026-8852 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

6.2 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/26 4:56 p.m. | 8 views

EUVD-2026-31896

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

7.5 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1
CloudLinux
added 2026/05/26 9:20 a.m. | 7 views

php: Fix of CVE-2026-6735

CVE-2026-6735: fix XSS within FPM status endpoint...

8.8 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits: 1
Positive Technologies
added 2026/05/26 12:0 a.m. | 7 views

PT-2026-43325

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module...

6.2 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/05/26 12:0 a.m. | 5 views

IBM HTTP Server security vulnerability

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines (IBM). Versions 8.5 and 9.0 of IBM HTTP Server contain security vulnerabilities; these vulnerabilities stem from the optional module mod_fastcgi, which may lead to denial-of-service attacks...

7.5 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1
SUSE Linux
added 2026/05/21 11:57 a.m. | 4 views

Security update for php8

This update for php8 fixes the following issues: CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection (bsc1264778). CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc1264776)...

9.8 CVSS | 6.5 AI score | 0.00505 EPSS
Exploits: 1 | References: 32
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in haproxy

A vulnerability related to information leaks was discovered in HAProxy versions 2.1, 2.2 before 2.2.27, 2.3, and 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1. There are 5 bytes that are not initialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST...

7.5 CVSS | 7.1 AI score | 0.01201 EPSS
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/18 1:40 p.m. | 9 views

Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

9.8 CVSS | 6.5 AI score | 0.0058 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2026/05/18 1:40 p.m. | 1 views

GHSA-M675-2P33-XV9G Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

8.1 CVSS | 6.5 AI score | 0.00297 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/18 12:0 a.m. | 10 views

PT-2026-41687

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

9.8 CVSS | 6.5 AI score | 0.0058 EPSS
Exploits: 1 | References: 5
OSV
added 2026/05/15 10:16 a.m. | 5 views

CLSA-2026-1778751841 php: Fix of CVE-2026-6735

CVE-2026-6735: HTML-encode proc.requesturi and tighten querystring entity flags in sapi/fpm/fpm/fpmstatus.c to fix XSS in PHP-FPM status endpoint...

8.8 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits: 1 | References: 1