libsoup: Out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

libsoup: Out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability

About Remote Code Execution & Arbitrary File Reading - Apache HTTP Server CVE-2024-38475 vulnerability. Improper escaping of output in modrewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. Apache HTTP Server 2.4.60,...

PT-2025-20441 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an authentication bypass in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents are...

PT-2025-20322 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a remote command execution in the Apache HTTP Server. No specific details about the number of potentially affected devices or real-world incidents are provided...

PT-2025-20003 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Request Forgery CSRF in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or...

PT-2025-20323 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to a Cross-Site Request Forgery in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or...

PT-2025-20001 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...

PT-2025-20002 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...

goshs 访问控制错误漏洞

goshs is a simple HTTP Server written in Go by Patrick Hener Personal Developer. An access control error vulnerability exists in goshs versions prior to 1.0.5 that stems from not checking the cli option -c, which could lead to arbitrary command execution...

Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...

ALSA-2025:4597 Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...

libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

libsoup: Out of bounds reads in soup_headers_parse_request()

A flaw was found in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 !imagehttps://github.com/user-attachments/ass...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a sensitive information exposure in Twisted [CVE-2024-41671]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in Twisted, caused by a flaw in HTTP 1.0 and 1.1 server CVE-2024-41671. Twisted is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache HTTP Server contains an improper escaping of output vulnerability in modrewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code...

USN-7469-4: H2O vulnerability

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to...