Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests ca...

ALSA-2026:21433 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

PT-2026-43620

Threat Intel May 26, 2026 Vulnerability Intelligence Briefing Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. --- 1. Known Exploited Vulnerabilities CISA KEV CVE-2026-48172 LiteSpeed cPanel Plugin Added to the CISA KEV catalog following...

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3314 (ALAS-2026-3314)

The version of httpd installed on the remote host is prior to 2.4.67-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3314 advisory. An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read...

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1724)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1724 advisory. Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes...

CVE-2026-8855

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

CVE-2026-8854

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

CVE-2026-8856

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

CVE-2026-8834

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

CVE-2026-8850

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modibmupload...

CVE-2026-8852

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modfastcgi module...

CVE-2026-8835 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

CVE-2026-8835 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

EUVD-2026-31918

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

CVE-2026-8834

CVE-2026-8834 affects IBM HTTP Server versions 8.5 and 9.0. The issue is a buffer overflow in the server, which could be exploited by a privileged user authenticated to the Administration Server to execute remote code or cause a denial of service. The CVSS metrics indicate an adjacent attack vect...

EUVD-2026-31917

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

CVE-2026-8834 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

CVE-2026-8834 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

EUVD-2026-31905

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...