Lucene search
K

169 matches found

BDU FSTEC
BDU FSTEC
added 2026/05/08 12:0 a.m.1 views

The vulnerability of the mod_proxy_ajp() module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the modproxyajp module in the Apache HTTP Server is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

10CVSS6AI score0.01325EPSS
Exploits0References4Affected Software2
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:11 a.m.13 views

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

...

7.5CVSS5.8AI score0.00394EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/06 7:55 p.m.16 views

USN-8239-1: Apache HTTP Server vulnerabilities

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitra...

9.8CVSS6.3AI score0.4581EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-28780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a...

9.8CVSS5.4AI score0.01325EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/05/06 12:0 a.m.1 views

The vulnerability of the mod_proxy_ajp() function in the Apache HTTP Server allows a hacker to disclose confidential information.

The vulnerability of the modproxyajp function in the Apache HTTP Server is related to reading data beyond the allowed range of memory. Exploiting this vulnerability could allow a remote attacker to disclose confidential information...

5.3CVSS6AI score0.00393EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/05/05 10:16 p.m.9 views

DEBIAN-CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

9.8CVSS5.8AI score0.01325EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 10:16 p.m.16 views

CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

9.8CVSS0.01325EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/05/05 9:29 p.m.10 views

CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

9.8CVSS5.8AI score0.01325EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/05 9:29 p.m.6 views

CVE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

5.8AI score0.01325EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 8:39 a.m.7 views

BIT-APACHE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00393EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 1:44 a.m.7 views

CLSA-2026-1777945456 httpd: Fix of 2 CVEs

CVE-2024-42516: fix HTTP response splitting in core httpd via header merging refactor in modules/http/httpfilters.c - CVE-2024-43204: fix SSRF in modproxy when modheaders is configured to modify Content-Type from request input...

7.5CVSS5.8AI score0.00772EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 1:7 p.m.16 views

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.8AI score0.00393EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.22 views

LiteLLM 1.82.7 / 1.82.8 Supply Chain Compromise (GHSA-5mg7-485q-xm76)

The version of the LiteLLM Python package installed on the remote host is 1.82.7 or 1.82.8. These versions were published to PyPI by a threat actor known as TeamPCP using compromised maintainer credentials obtained through the Aqua Security Trivy supply chain attack. The malicious releases contai...

9.4CVSS7.7AI score0.60368EPSS
Exploits2References4
Microsoft CVE
Microsoft CVE
added 2026/03/27 8:2 a.m.4 views

NGINX ngx_mail_proxy_module vulnerability

...

6.3CVSS5.8AI score0.00264EPSS
Exploits0
OSV
OSV
added 2026/03/27 7:10 a.m.4 views

BIT-NGINX-GATEWAY-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS6AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:10 a.m.1 views

BIT-NGINX-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS6AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.1 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Rows per page
Query Builder