CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1182 matches found

RedHat Linux•added 2026/02/23 7:20 p.m.•0 views

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

7.5CVSS5.8AI score0.00048EPSS

Exploits0References5

RedHat Linux•added 2026/02/23 7:20 p.m.•0 views

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

6.5CVSS5.7AI score0.00145EPSS

Exploits0References5

RedHat Linux•added 2026/02/23 7:19 p.m.•3 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7.3AI score0.02889EPSS

Exploits7References9

Debian CVE•added 2026/02/17 6:48 p.m.•5 views

CVE-2025-66614

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

9.1CVSS7.1AI score0.00051EPSS

Exploits0

Positive Technologies•added 2026/02/14 12:0 a.m.•3 views

PT-2026-8290

CVE-2026-26300 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-26300 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/14 12:0 a.m.•3 views

PT-2026-8287

CVE-2026-26297 - Apache HTTP Server File Inclusion CVE ID : CVE-2026-26297 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/13 12:0 a.m.•4 views

PT-2026-8276

CVE-2025-58184 - Apache HTTP Server Reserved but Not Needed Information Disclosure CVE ID : CVE-2025-58184 Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago Description : Rejected reason: reserved but not needed Severity: 0.0 | NA Visit the link for more details, such as CVSS details...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/13 12:0 a.m.•1 views

PT-2026-8270

CVE-2024-34157 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2024-34157 Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago Description : Rejected reason: reserved but not needed Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/13 12:0 a.m.•3 views

PT-2026-8233

CVE-2026-26257 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26257 Published : Feb. 13, 2026, 4:15 a.m. | 3 hours, 16 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/12 12:0 a.m.•1 views

PT-2026-8170

CVE-2026-26088 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-26088 Published : Feb. 12, 2026, 5:17 a.m. | 2 hours, 9 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/11 12:0 a.m.•1 views

PT-2026-7982

CVE-2026-26044 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26044 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/11 12:0 a.m.•4 views

PT-2026-7974

CVE-2026-26036 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2026-26036 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/10 12:0 a.m.•1 views

PT-2026-7824

CVE-2026-25977 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25977 Published : 2026年2月10日 05:16 | 1 小时，59 分钟 ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/10 12:0 a.m.•3 views

PT-2026-7820

CVE-2026-25973 - "Apache HTTP Server Cross-Site Request Forgery" CVE ID : CVE-2026-25973 Published : 2026年2月10日 05:16 | 1 小时，59 分钟 ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Positive Technologies•added 2026/02/06 12:0 a.m.•2 views

PT-2026-6953

CVE-2026-25696 - Apache HTTP Server Command Injection CVE ID : CVE-2026-25696 Published : Feb. 6, 2026, 4:15 a.m. | 32 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5AI score

Exploits0References1

Veracode•added 2026/02/05 6:32 a.m.•5 views

Integer Overflow

Apache HTTP Server is vulnerable to an integer overflow. The vulnerability is due to an integer overflow in the ACME certificate renewal backoff logic after repeated renewal failures, which allows an attacker or misconfiguration to trigger continuous, delay-free renewal attempts...

7.5CVSS7.6AI score0.00048EPSS

Exploits0References3Affected Software2

Veracode•added 2026/02/05 5:42 a.m.•4 views

Server-Side Request Forgery (SSRF)

Apache HTTP Server is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper handling of encoded and merged slashes when AllowEncodedSlashes is enabled and MergeSlashes is disabled on Windows, which allows an attacker to exploit crafted requests or malicious content ...

7.5CVSS7.3AI score0.00064EPSS

Exploits0References3Affected Software1

Broadcom•added 2026/01/27 12:0 a.m.•11 views

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS7.2AI score0.04473EPSS

Exploits0

Rosalinux•added 2026/01/26 8:35 a.m.•5 views

Advisory ROSA-SA-2026-3115

software: apache 2.4.66 OS: ROSA-CHROME unaffected versions = apache-2.4.66-1 affected versions apache-2.4.66-1 CVE-ID: CVE-2025-66200 BDU-ID: 2025-15638 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the moduserdir module of the Apache HTTP Server web server involves bypassing the authentication...

8.3CVSS6.2AI score0.00145EPSS

Exploits0

Positive Technologies•added 2026/01/22 12:0 a.m.•5 views

PT-2026-4607

CVE-2023-32718 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2023-32718 Published : Jan. 22, 2026, 10:16 a.m. | 50 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. Severity: 0.0 | NA Visit the link for more details, such as CVSS...

5.4AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by