CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/06/03 12:0 a.m.•10 views

TencentOS Server 3: httpd:2.4 (TSSA-2026:0425)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0425 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS6.8AI score0.04409EPSS

Exploits1References7

OSV•added 2026/05/15 2:1 p.m.•12 views

OESA-2026-2318 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

IBM Security Bulletins•added 2026/05/11 10:12 p.m.•12 views

Exploits2References7

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2026-24072 DESCRIPTION: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier...

Exploits1Affected Software1

Positive Technologies•added 2026/05/07 12:0 a.m.•19 views

PT-2026-38461

Heap-based Buffer Overflow vulnerability in mod proxy ajp of Apache HTTP Server. If mod proxy ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod proxy ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This...

SUSE CVE•added 2026/05/06 1:44 a.m.•8 views

Exploits0References4

SUSE CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

6.5CVSS5.8AI score0.00717EPSS

Exploits0References8

EUVD•added 2026/05/06 12:31 a.m.•7 views

EUVD-2026-27506

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

5.8AI score0.00717EPSS

AlpineLinux•added 2026/05/05 9:29 p.m.•6 views

CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

Debian CVE•added 2026/05/05 9:29 p.m.•9 views

CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

OSV•added 2026/05/05 2:16 p.m.•3 views

ALPINE-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

AlpineLinux•added 2026/05/05 1:10 p.m.•9 views

Exploits0References1

CVE-2026-29168

Debian CVE•added 2026/05/05 1:10 p.m.•8 views

CVE-2026-29168

Vulnrichment•added 2026/05/05 1:10 p.m.•8 views

CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response

5.8AI score0.00628EPSS

Exploits0References1

ATTACKERKB•added 2026/05/05 1:10 p.m.•8 views

CVE-2026-29168

Exploits0References2Affected Software1

OSV•added 2026/05/05 8:39 a.m.•7 views

BIT-APACHE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00393EPSS

OSV•added 2026/05/05 8:39 a.m.•4 views

BIT-APACHE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS

OSV•added 2026/05/05 8:39 a.m.•4 views

BIT-APACHE-2026-33007 Apache HTTP Server: mod_authn_socache crash

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS5.8AI score0.00514EPSS