PT-2025-52482

CVE-2025-14828 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-14828 Published : Dec. 17, 2025, 7:16 p.m. | 48 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in th...

K000158206: Apache HTTP Server vulnerability CVE-2025-66200

Security Advisory Description moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7...

PT-2025-51262

CVE-2025-13832 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-13832 Published : Dec. 13, 2025, 11:15 p.m. | 22 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for mo...

Apache HTTP Server: mod_md (ACME), unintended retry intervals

...

PT-2025-51118

CVE-2025-67686 - Apache HTTP Server Command Injection CVE ID : CVE-2025-67686 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-51120

CVE-2025-67688 - Apache HTTP Server Improper Input Validation CVE ID : CVE-2025-67688 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-51124

CVE-2025-67692 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-67692 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-51122

CVE-2025-67690 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-67690 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-51125

CVE-2025-67693 - Apache Apache HTTP Server Missing Authentication for Configuration CVE ID : CVE-2025-67693 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

PT-2025-50932

CVE-2025-67612 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-67612 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-50917

CVE-2025-67607 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-67607 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Apache HTTP Server Cross-Site Request Forgery Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

PT-2025-50928

CVE-2025-67608 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-67608 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-36797

Name of the Vulnerable Software and Affected Versions Apache HTTP versions prior to 2.4.67 Description An escalation of privilege bug exists in various modules, including mod rewrite via ap expr, which allows local .htaccess authors to read files using the privileges of the httpd user...

PT-2025-50913

CVE-2025-67498 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-67498 Published : Dec. 9, 2025, 11:16 p.m. | 1 hour, 48 minutes ago Description : Rejected reason: Further research determined the issue is not a vulnerability. Severity: 0.0 | NA Visit the link for more details, such as...

PT-2025-50915

CVE-2025-67605 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-67605 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-50930

CVE-2025-67610 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-67610 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-36801

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.67 Description An out-of-bounds read issue exists in the mod proxy ajp module of Apache HTTP Server, specifically within AJP getter functions. This flaw allows a remote attacker to read memory outside t...

Apache HTTP Server Code Execution Vulnerability (CNVD-2025-30835)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...

BIT-APACHE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...