CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2025/10/01 12:0 a.m.•1 views

PT-2025-40442

CVE-2025-61715 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-61715 Published : Oct. 1, 2025, 3:15 a.m. | 2 hours, 24 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.4AI score

Positive Technologies•added 2025/09/26 12:0 a.m.•3 views

PT-2025-39779

CVE-2025-60031 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-60031 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4AI score

Positive Technologies•added 2025/09/24 12:0 a.m.•3 views

PT-2025-39525

CVE-2025-59930 - Apache HTTP Server Authorization Bypass CVE ID : CVE-2025-59930 Published : Sept. 24, 2025, 3:15 a.m. | 4 hours, 7 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4AI score

OSV•added 2025/09/16 2:0 p.m.•3 views

CLSA-2025-1758031207 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

7.5CVSS7.1AI score0.00651EPSS

RedHat Linux•added 2025/09/15 1:29 a.m.•0 views

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

7.5CVSS5.8AI score0.02675EPSS

Gitee•added 2025/09/14 9:55 a.m.•81 views

Exploit for OS Command Injection in Gnu Bash

PoC exploit for CVE-2014-6271 Shellshock. The target product/service is Apache httpd, and the vulnerability class/vector is RCE Remote Code Execution via environment variable manipulation. The probable entry point is the CGI Common Gateway Interface handler. Notable dependencies/tooling include t...

10CVSS8.5AI score0.9422EPSS

Exploits130

RedHat Linux•added 2025/09/11 2:40 p.m.•4 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS5.8AI score0.00651EPSS

RedHat Linux•added 2025/09/11 10:36 a.m.•0 views

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

7.5CVSS5.8AI score0.02675EPSS

RedHat Linux•added 2025/09/11 10:36 a.m.•6 views

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

9.1CVSS7.4AI score0.02675EPSS

Exploits1References5

RedHat Linux•added 2025/09/08 7:4 p.m.•1 views

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

RedHat Linux•added 2025/09/02 3:43 a.m.•2 views

httpd: HTTP Session Hijack via a TLS upgrade

RedHat Linux•added 2025/09/02 2:58 a.m.•7 views

httpd: HTTP Session Hijack via a TLS upgrade

Positive Technologies•added 2025/09/02 12:0 a.m.•1 views

PT-2025-35841

CVE-2025-58416 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-58416 Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.6AI score

Positive Technologies•added 2025/08/29 12:0 a.m.•1 views

PT-2025-35408

CVE-2025-58333 - Apache HTTPD Cross-Site Request Forgery CVE ID : CVE-2025-58333 Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.7AI score

RedHat Linux•added 2025/08/28 4:57 p.m.•3 views

httpd: HTTP Session Hijack via a TLS upgrade