CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1157 matches found

OSV•added 2026/05/22 1:17 p.m.•1 views

OESA-2026-2385 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through...

7.5CVSS7.3AI score0.00406EPSS

Exploits0References3

OSV•added 2026/05/22 1:17 p.m.•3 views

OESA-2026-2384 trafficserver security update

7.5CVSS5.8AI score0.00406EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. Before versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send a...

3.7CVSS6.7AI score0.00288EPSS

Exploits0References1

Tenable Nessus•added 2026/04/28 12:0 a.m.•1 views

Fedora 44 : trafficserver (2026-7839a46d9d)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7839a46d9d advisory. Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling...

7.5CVSS8.1AI score0.00406EPSS

Exploits0References3

OpenVAS•added 2026/04/13 12:0 a.m.•0 views

Fedora: Security Advisory (FEDORA-2026-7b719a7a58)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.8AI score0.00406EPSS

Exploits0References3

Fedora•added 2026/04/12 3:38 p.m.•1 views

[SECURITY] Fedora 43 Update: trafficserver-10.1.2-1.fc43

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

7.5CVSS5.8AI score0.00406EPSS

Exploits0

Tenable Nessus•added 2026/04/12 12:0 a.m.•4 views

Fedora 42 : trafficserver (2026-a157bd84c4)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a157bd84c4 advisory. Resolves: CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling...

7.5CVSS6.1AI score0.00406EPSS

Exploits0References3

Tenable Nessus•added 2026/04/05 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-65114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0...

7.5CVSS5.9AI score0.00298EPSS

Exploits0References3

Tenable Nessus•added 2026/04/05 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2025-58136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 throug...

7.5CVSS5.9AI score0.00406EPSS

Exploits0References3

RedhatCVE•added 2026/04/03 10:29 p.m.•2 views

CVE-2025-58136

A flaw was found in Apache Traffic Server. A remote attacker can exploit a bug in the POST request handling mechanism, which, under certain conditions, causes the server to crash. This vulnerability can lead to a Denial of Service DoS, making the affected service unavailable to legitimate users...

7.5CVSS5.9AI score0.00406EPSS

Exploits0References2

RedhatCVE•added 2026/04/03 10:22 p.m.•1 views

CVE-2025-65114

A flaw was found in Apache Traffic Server. This vulnerability allows a remote attacker to perform request smuggling by sending malformed chunked messages. Request smuggling can lead to bypassing security controls and potentially unauthorized access to sensitive information or services. Mitigation...

7.5CVSS5.8AI score0.00298EPSS

Exploits0References2

EUVD•added 2026/04/02 6:31 p.m.•2 views

EUVD-2025-209190

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

7.5CVSS5.8AI score0.00298EPSS

Exploits0References2

EUVD•added 2026/04/02 6:31 p.m.•2 views

EUVD-2025-209188

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS5.9AI score0.00406EPSS

Exploits0References2