1071 matches found
Apache2 - Transfer-Encoding Chunked XSS
Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-48827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload- pack, git-receive-pack, and other git operations allows...
Exploit for CVE-2026-8732
CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...
USN-8338-2: Apache HTTP Server regression
USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...
USN-8338-2 apache2 regression
USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
PT-2026-43619
Threat Intel May 26, 2026 Vulnerability Intelligence Briefing Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. --- 1. Known Exploited Vulnerabilities CISA KEV CVE-2026-48172 LiteSpeed cPanel Plugin Added to the CISA KEV catalog following...
PT-2026-44748
CVE-2026-8680 - Apache HTTP Server Remote Code Execution CVE ID :CVE-2026-8680 Published : May 26, 2026, 11:16 p.m. | 54 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as...
OPENSUSE-SU-2026:20810-1 Security update for apache2
This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...
SUSE-SU-2026:21846-1 Security update for apache2
This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...
PT-2026-44504
CVE-2026-43919 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID :CVE-2026-43919 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of...
PT-2026-44505
CVE-2026-43919 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID :CVE-2026-43919 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of...
PT-2026-44501
CVE-2026-42347 - Apache HTTP Server Authentication Bypass CVE ID :CVE-2026-42347 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-28496. Reason: This candidate is a duplicate of CVE-2026-28496. Notes:...
Astra Linux - уязвимость в apache2
In some modssl configurations of the Apache HTTP Server, from versions up to 2.4.63, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session through a TLS upgrade. Only configurations that use “SSLEngine optional” to enable TLS upgrades are affected. Users a...
Astra Linux - уязвимость в apache2
A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, lead to exposure of local content in the source code. For...
Astra Linux - уязвимость в apache2
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody0 may cause a denial of service due to the lack of a default limit on the possible input size...
Astra Linux - уязвимость в apache2
If the Apache HTTP Server 2.4.53 is configured to perform transformations using modsed, especially in contexts where the input to modsed can be very large, modsed may cause excessive memory allocation and trigger an abort...
Astra Linux - уязвимость в apache2
In the Apache HTTP Server with modproxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a unusual configuration where modheaders is used to modify the Content-Type header of the request or response, with a value provided in the HT...
Astra Linux - уязвимость в apache2
An attacker who opened an HTTP/2 connection with an initial window size of 0 was able to block the handling of that connection indefinitely in the Apache HTTP Server. This could be used to exhaust server resources, similar to the well-known “slow loris” attack pattern. This issue has been fixed i...
Astra Linux - уязвимость в apache2
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch, especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...