Exploit for Cross-site Scripting in Exclusiveaddons Exclusive_Addons_For_Elementor

Cookiecutter POC Template A minimal Python cookiecutter templ...

PT-2025-38642

CVE-2025-59672 - Apache HTTP Server Command Injection CVE ID : CVE-2025-59672 Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-38641

CVE-2025-59671 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-59671 Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-38652

CVE-2025-59676 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-59676 Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Malicious code in @art-ws/http-server (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1148086ae7be1e10c209ad1d5b54d91c8c7c651b11f99c6d01b7f79a84118212 Any computer that has this package installed or running should be considered fully compromised. All...

MAL-2025-47379 Malicious code in @art-ws/http-server (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1148086ae7be1e10c209ad1d5b54d91c8c7c651b11f99c6d01b7f79a84118212 Any computer that has this package installed or running should be considered fully compromised. All...

@art-ws/openapi (>=0.1.1 <=0.1.8) potentially affected by unknown CVE via @art-ws/fastify-http-server (>=2.0.15 <=2.0.23)

@art-ws/fastify-http-server NPM version =2.0.15, =0.1.1, =0.1.8 Source cves: unknown CVE Source advisory: SNYK:JS-ARTWSFASTIFYHTTPSERVER-12744474...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

Medium: httpd

Issue Overview: A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Affected Packages: httpd Issue Correction: Run dnf update httpd --releasever 2023.8.202509...

Exploit for Path Traversal in Apache Http_Server

This is a PoC exploit for CVE-2021-41773, a remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit targets the CGI enabled feature of these versions, allowing an attacker to execute arbitrary code on the server. The exploit is written in Python and uses...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-2071)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3...

Linux Distros Unpatched Vulnerability : CVE-2021-23797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. CVE-2021-23797 Note that Nessus relies on the presence o...

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

PT-2025-36433

CVE-2025-58907 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58907 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-36450

CVE-2025-58912 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58912 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-36449

CVE-2025-58911 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58911 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

...

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...