Exploit for Double Free in Apache Http_Server

CVE-2026-23918 — Apache modhttp2 Double Free Affected: A...

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 Double-free in Apache httpd modhttp2 stream c...

Exploit for Observable Timing Discrepancy in Apache Http_Server

CTT-enhanced-Apache-modauthdigest-timing-attack-exploit CTT-...

PT-2026-38462

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

PT-2026-38461

Heap-based Buffer Overflow vulnerability in mod proxy ajp of Apache HTTP Server. If mod proxy ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod proxy ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This...

DEBIAN-CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

DEBIAN-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

BIT-APACHE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

BIT-APACHE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

BIT-APACHE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

SUSE CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

Linux Distros Unpatched Vulnerability : CVE-2026-34059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67,...

ALPINE-CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

CVE-2026-29169

CVE-2026-29169 : A NULL pointer dereference in mod_dav_lock of Apache HTTP Server 2.4.66 and earlier can crash the server when handling a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known use-case was with mod_dav_svn from Apache Subversion (earlier t...

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

EUVD-2026-26965

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-34059

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...