PT-2025-32253 · Undefined · Undefined

CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution CVE ID : CVE-2025-54976 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

PT-2025-32255 · Undefined · Undefined

CVE-2025-54978 - Apache HTTP Server HTTP Header Injection CVE ID : CVE-2025-54978 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-32212 · Undefined · Undefined

CVE-2025-54974 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-54974 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-32256 · Undefined · Undefined

CVE-2025-54979 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-54979 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2013-10047

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server = Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32,...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1125)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1125 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the...

Amazon Linux 2 : httpd (ALAS-2025-2958)

The version of httpd installed on the remote host is prior to 2.4.64-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2958 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response...

PT-2025-32150 · Nvidia · Nvidia Triton Inference Server

Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server versions prior to 25.07 Description: NVIDIA Triton Inference Server contains a vulnerability in the HTTP server that allows an attacker to initiate a reverse shell by sending a crafted HTTP request. Successful...

CVE-2013-10047

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server = Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32,...

CVE-2013-10047

CVE-2013-10047 affects MiniWeb HTTP Server up to Build 300. An unrestricted file upload with path traversal lets unauthenticated remote attackers drop a .exe in System32 and a .mof in the WMI directory, enabling payload execution with SYSTEM privileges via WMI on Windows versions before Vista. Mu...

CVE-2013-10047 MiniWeb <= Build 300 Arbitrary File Upload

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server = Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32,...

PT-2025-31684 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: MiniWeb HTTP Server versions prior to and including Build 300 Description: An unrestricted file upload vulnerability exists that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the uplo...

PT-2025-31769 · Undefined · Undefined

CVE-2025-54840 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-54840 Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-31711 · Undefined · Undefined

CVE-2025-7356 - CVE-2020-29461: Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-7356 Published : July 30, 2025, 11:15 p.m. | 2 hours, 47 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the li...

CVE-2025-30133

An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam's Wi-Fi network via the default password...

K000152805: Apache HTTPD vulnerability CVE-2025-53020

Security Advisory Description Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue. CVE-2025-53020 Impact There is no impact; ...

mod_proxy_cluster bug fix update

An update is available for modproxycluster. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modproxycluster module is a plugin for the Apache HTTP Server tha...

mod_auth_openidc:2.3 security update

An update is available for module.cjose, module.modauthopenidc, modauthopenidc, cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...

RLSA-2025:3997 Important: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...

RLSA-2025:4597 Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...