OESA-2026-1529 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

CLSA-2026-1772101256 httpd: Fix of CVE-2024-42516

CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly...

CVE-2026-3169 Tenda F453 httpd SafeEmailFilter fromSafeEmailFilter buffer overflow

A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit ha...

CVE-2026-3167

The advisory concerns CVE-2026-3167 affecting Tenda F453 with firmware 1.0.0.3. The vulnerability is in the httpd component, specifically the function formWebTypeLibrary in /goform/webtypelibrary, where manipulating the argument webSiteId causes a buffer overflow. This allows a remote attack, and...

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

RHSA-2026:2994 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Bulletin has no description...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

Security Bulletin: A vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server and, in turn, by IBM Rational ClearQuest.

Summary IBM HTTP Server is utilized by IBM WebSphere Application Server, which in turn is used by the IBM Rational ClearQuest server. Details regarding security vulnerabilities impacting IBM HTTP Server have been released in an official security bulletin. Vulnerability Details Refer to the securi...

Multiple Vulnerabilities in Cosminexus HTTP Server

Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server. CVE-2025-49630, CVE-2025-53020 These vulnerabilities does not apply if HTTP/2 protocol is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the...

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2024-43204 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

CLSA-2026-1770310535 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade to shenandoah-jdk8u482-b08 GA fixing the following CVE: - CVE-2026-21945: enhance certificate checking - CVE-2026-21925: improve JMX connections - CVE-2026-21933: improve HttpServer request handling...

PT-2026-8286

CVE-2026-26296 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2026-26296 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

PT-2026-8291

CVE-2026-26301 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26301 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-8293

CVE-2026-26303 - Apache HTTP Server Cross-Site Request Forgery CSRF CVE ID : CVE-2026-26303 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,...

RLSA-2026:0933 Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945 libpng:...

PT-2026-8264

CVE-2025-36526 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-36526 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link f...

PT-2026-8259

CVE-2025-35993 - Apache HTTP Server DNS Rebinding CVE ID : CVE-2025-35993 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link for more...

PT-2026-8267

CVE-2025-36538 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-36538 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link fo...