Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/04/24 2:48 p.m.2 views

CVE-2026-40611

A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME Automated Certificate Management Environment server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing...

8.8CVSS5.6AI score0.00054EPSS
Exploits0References4
OSV
OSVadded 2026/04/16 9:28 p.m.0 views

GHSA-QQX8-2XMM-JRV8 ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

8.8CVSS6.5AI score0.00054EPSS
Exploits0References3
Oracle linux
Oracle linuxadded 2021/11/18 12:0 a.m.114 views

httpd:2.4 security update

httpd 2.4.37-43.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html. 2.4.37-43 - Related: 2007235 - CVE-2021-40438 httpd:2.4/httpd: modproxy: SSRF via a crafted request uri-path 2.4.37-42 - Resolves: 2007235 - CVE-2021-40438...

10CVSS9.2AI score0.94432EPSS
Exploits7
Oracle linux
Oracle linuxadded 2021/11/16 12:0 a.m.69 views

httpd:2.4 security, bug fix, and enhancement update

httpd 2.4.37-41.0.1 - Add checks on the configured UDS path Orabug: 33412270CVE-2021-40438 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-41 - Resolves: 1680111 - httpd sends reply to HTTPS GET using two TLS records -...

9CVSS7.8AI score0.94432EPSS
Exploits7
Oracle linux
Oracle linuxadded 2020/11/10 12:0 a.m.128 views

httpd:2.4 security, bug fix, and enhancement update

httpd 2.4.37-13.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-30 - Resolves: 1209162 - support logging to journald from CustomLog 2.4.37-29 - Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: modproxyftp use o...

9.1CVSS0.1AI score0.82379EPSS
Exploits6
Filippo.io
Filippo.ioadded 2019/01/07 2:8 a.m.99 views

mkcert: valid HTTPS certificates for localhost

or for any other names The web is moving to HTTPS, preventing network attackers from observing or injecting page contents. But HTTPS needs TLS certificates, and while deployment is increasingly a solved issue thanks to the ACME protocol and Let's Encrypt, development still mostly ends up happenin...

7AI score
Exploits0
securityvulns
securityvulnsadded 2001/06/02 12:0 a.m.45 views

Acme.Server v1.7 of 13nov96 Directory Browsing

---------------------------------------------------------------------- Date: 31.05.2001 Affected Software: Acme.Serve v1.7 of 13nov96 http://www.acme.com Exploit: Browsing of directories and files allowed to unauthorized users Keywords: Cisco Secure Administration, Netscape FastTrack, ... Contact...

2.3AI score
Exploits0
Rows per page
Query Builder