21 matches found

Amazon
added 2026/05/26 12:0 a.m. | 12 views

Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

CVSS 9.8 | AI score 5.8 | EPSS 0.01325
Exploits: 2

CBLMariner
added 2026/05/18 8:36 p.m. | 8 views

CVE-2026-34059 affecting package httpd for versions less than 2.4.67-1

CVE-2026-34059 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00394
Exploits: 0

NVD
added 2026/05/04 3:16 p.m. | 8 views

CVE-2026-29169

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than...

CVSS 7.5 | EPSS 0.00594
Exploits: 0 | References: 3

EUVD
added 2026/05/04 12:37 p.m. | 29 views

EUVD-2026-26944

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS 8.8 | AI score 5.8 | EPSS 0.00654
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 5:4 p.m. | 5 views

CVE-2026-25342

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS. This issue affects Boutique: from n/a through 2.4.6...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 1

Cvelist
added 2026/03/25 4:14 p.m. | 27 views

CVE-2026-25342 WordPress Boutique theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS. This issue affects Boutique: from n/a through 2.4.6...

CVSS 7.1 | EPSS 0.00175
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/20 3:46 p.m. | 1 views

CVE-2025-67547 WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Konte: from n/a through <= 2.4.6...

CVSS 6.5 | AI score 5.3 | EPSS 0.00309
Exploits: 0 | References: 1

Patchstack
added 2026/02/02 7:47 p.m. | 6 views

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability

WordPress HT Mega - Absolute Addons For Elementor plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget vulnerability discovered by wesley wcraft in WordPress Plugin HT Mega versions <= 2.4.6...

CVSS 6.4 | AI score 5.2 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/01/16 11:57 a.m. | 4 views

OESA-2026-1066 fluidsynth security update

FluidSynth is a free software synthesizer. It's currently based on the SoundFont 2 specifications and supports real time MIDI effect controls. It can be used as a shared library for embedding in other applications, can play MIDI files and has a command line shell. Many other applications use...

CVSS 7.5 | AI score 7 | EPSS 0.00414
Exploits: 1 | References: 2

NVD
added 2026/01/14 5:16 p.m. | 5 views

CVE-2026-22779

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3 | EPSS 0.00307
Exploits: 0 | References: 3

Cvelist
added 2026/01/14 4:49 p.m. | 20 views

CVE-2026-22779 BlackSheep ClientSession is vulnerable to CRLF injection

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests e.g. insert a new...

CVSS 6.3 | EPSS 0.00307
Exploits: 0 | References: 3

EUVD
added 2025/12/16 9:31 a.m. | 2 views

EUVD-2025-203546

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion. This issue affects Stockholm Core: from n/a through <= 2.4.6...

CVSS 7.5 | AI score 6.6 | EPSS 0.00328
Exploits: 0 | References: 2

Debian CVE
added 2025/09/27 11:2 p.m. | 4 views

CVE-2025-11083

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...

CVSS 7.8 | AI score 5.7 | EPSS 0.00235
Exploits: 1

ATTACKERKB
added 2025/09/16 8:3 a.m. | 4 views

CVE-2025-5519

Insertion of Sensitive Information Into Sent Data vulnerability in ArgusTech BILGER allows Choosing Message Identifier. This issue affects BILGER: before 2.4.6...

CVSS 6.5 | AI score 5.4 | EPSS 0.00335
Exploits: 0 | References: 3

OSV
added 2025/05/19 3:15 p.m. | 4 views

CVE-2025-48253

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce allows Stored XSS. This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through...

CVSS 5.4 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 1

SUSE Linux
added 2024/12/06 4:38 p.m. | 1 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 (bsc#1232747): CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from bein...

CVSS 6.5 | AI score 7.3 | EPSS 0.0095
Exploits: 0 | References: 10

OSV
added 2024/11/13 2:15 a.m. | 3 views

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVSS 6.1 | AI score 7.4 | EPSS 0.00491
Exploits: 0 | References: 3

OSV
added 2024/07/18 10:15 a.m. | 6 views

AZL-43414 CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

CVSS 5.3 | AI score 6.4 | EPSS 0.04134
Exploits: 3 | References: 1

OSV
added 2024/05/02 5:15 p.m. | 4 views

CVE-2024-2085

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 | AI score 5.9 | EPSS 0.0032
Exploits: 0 | References: 2

OSV
added 2024/02/15 2:15 p.m. | 5 views

CVE-2024-20716

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the applicatio...

CVSS 4.9 | AI score 5.8 | EPSS 0.00874
Exploits: 0 | References: 1