CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.4CVSS5.7AI score0.00041EPSS

AZL-71528 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1

moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

OSV•added 2025/12/05 11:15 a.m.•0 views

AZL-71590 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1

5.4CVSS6AI score0.00041EPSS

OSV•added 2025/12/05 11:15 a.m.•0 views

AZL-71525 CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS6.9AI score0.00145EPSS

7.5CVSS6.9AI score0.00064EPSS

ALPINE-CVE-2025-59775

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

OSV•added 2025/12/05 11:15 a.m.•2 views

DEBIAN-CVE-2025-59775

7.5CVSS5.5AI score0.00064EPSS

CVE-2025-66200

5.4CVSS6.9AI score

7.5CVSS5.8AI score0.00048EPSS

AZL-71870 CVE-2025-55753 affecting package httpd for versions less than 2.4.66-1

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

OSV•added 2025/12/05 11:15 a.m.•2 views

ALPINE-CVE-2025-55753

7.5CVSS7.1AI score0.00048EPSS

OSV•added 2025/12/05 11:15 a.m.•0 views

UBUNTU-CVE-2025-65082

6.5CVSS5.8AI score0.00145EPSS

Exploits0References5

Cvelist•added 2025/12/05 11:2 a.m.•27 views

CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

0.00041EPSS

Vulnrichment•added 2025/12/05 11:2 a.m.•1 views

CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

6.6AI score0.00041EPSS

CVE•added 2025/12/05 10:17 a.m.•642 views

CVE-2025-59775

CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...

7.5CVSS6.5AI score0.00064EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/12/05 10:17 a.m.•21 views

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

0.00064EPSS

CVE•added 2025/12/05 10:12 a.m.•477 views

CVE-2025-55753

CVE-2025-55753 affects Apache HTTP Server (2.4.30–2.4.65). The issue is an integer overflow during failed ACME certificate renewals that, after ~30 days in default configs, causes the backoff timer to become 0. Thereafter, renewal attempts occur repeatedly without delays until success, potentiall...

7.5CVSS6.8AI score0.00048EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/12/05 10:12 a.m.•23 views

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals

0.00048EPSS

CNNVD•added 2025/12/05 12:0 a.m.•1 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...

5.4CVSS7.1AI score0.00041EPSS

Tenable Nessus•added 2025/12/04 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-66200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can...

5.4CVSS6.8AI score0.00041EPSS

OpenVAS•added 2025/12/04 12:0 a.m.•1 views

Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Windows

Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.8AI score0.00145EPSS

OpenVAS•added 2025/12/04 12:0 a.m.•2 views

Apache HTTP Server 2.4.7 - 2.4.65 Authentication Bypass Vulnerability - Windows

Apache HTTP Server is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS7AI score0.00041EPSS