CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/08/29 12:0 a.m.•2 views

PT-2025-35396

CVE-2025-58327 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58327 Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.7AI score

Positive Technologies•added 2025/08/29 12:0 a.m.•2 views

PT-2025-35400

CVE-2025-58331 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-58331 Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.6AI score

RedHat Linux•added 2025/08/28 4:54 p.m.•1 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS5.8AI score0.00651EPSS

RedHat Linux•added 2025/08/28 4:54 p.m.•6 views

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.4AI score0.00651EPSS

Exploits1References4

RedHat Linux•added 2025/08/28 4:54 p.m.•5 views

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

7.4CVSS5.7AI score0.00446EPSS

RedHat Linux•added 2025/08/26 1:26 p.m.•1 views

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

7.5CVSS5.8AI score0.03545EPSS

Tenable Nessus•added 2025/08/24 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2003-1581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HT...

2.6CVSS5.6AI score0.01975EPSS

Exploits1References2

Tenable Nessus•added 2025/08/24 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2003-1580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad...

4.3CVSS5.7AI score0.01178EPSS

Exploits1References2

Positive Technologies•added 2025/08/23 12:0 a.m.•3 views

PT-2025-34593 · Undefined · Undefined

CVE-2025-24468 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-24468 Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

Positive Technologies•added 2025/08/21 12:0 a.m.•3 views

PT-2025-34535 · Undefined · Undefined

CVE-2025-57829 - Apache HTTP Server Command Injection CVE ID : CVE-2025-57829 Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7.3AI score

Tenable Nessus•added 2025/08/21 12:0 a.m.•2 views

F5 Networks BIG-IP : Apache HTTP server vulnerability (K000153074)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000153074 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the...

7.5CVSS7.5AI score0.04358EPSS

Exploits0References2

Positive Technologies•added 2025/08/21 12:0 a.m.•5 views

PT-2025-34534 · Undefined · Undefined

CVE-2025-57828 - Apache HTTP Server Unsecured Configuration CVE ID : CVE-2025-57828 Published : Aug. 21, 2025, 4:15 a.m. | 3 hours, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

vulnersOsv•added 2025/08/20 8:52 p.m.•3 views

io.airlift:discovery (=324), io.airlift:http-client (=324) +13 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.1.0.alpha0 <=12.1.0.beta2)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047664...

7.7CVSS6.9AI score0.00573EPSS

Exploits0

Positive Technologies•added 2025/08/20 12:0 a.m.•3 views

PT-2025-34335 · Undefined · Undefined

CVE-2025-57744 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-57744 Published : Aug. 20, 2025, 4:16 a.m. | 3 hours, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Positive Technologies•added 2025/08/19 12:0 a.m.•5 views

PT-2025-33835 · Undefined · Undefined

CVE-2025-57723 - Apache HTTP Server Unauthenticated Remote Code Execution CVE ID : CVE-2025-57723 Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

7.7AI score

Positive Technologies•added 2025/08/19 12:0 a.m.•4 views

PT-2025-33830 · Undefined · Undefined

CVE-2025-57718 - Apache HTTP Server SSRF CVE ID : CVE-2025-57718 Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Positive Technologies•added 2025/08/19 12:0 a.m.•3 views

PT-2025-34271 · Undefined · Undefined

CVE-2025-55153 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-55153 Published : Aug. 19, 2025, 6:15 p.m. | 1 hour, 59 minutes ago Description : Rejected reason: This CVE is a duplicate of another CVE. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

RedHat Linux•added 2025/08/14 1:51 p.m.•8 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS7AI score0.03545EPSS

Exploits4References10

RedHat Linux•added 2025/08/14 1:51 p.m.•1 views

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

7.5CVSS5.8AI score0.03545EPSS