1187 matches found

RedhatCVE
added 2026/02/26 4:15 a.m. | 4 views

CVE-2026-27636

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All (a common configuration), an...

9.8 CVSS | 5.7 AI score | 0.02121 EPSS
Exploits: 4 | References: 1

CVE
added 2026/02/25 3:41 a.m. | 16 views

CVE-2026-27636

FreeScout has two combined CVEs affecting versions prior to 1.8.206. CVE-2026-27636 stems from an incomplete file restriction list: .htaccess and .user.ini are not blocked, allowing an authenticated user to upload a script on Apache with AllowOverride All and potentially achieve Remote Code Execution. CV...

8.8 CVSS | 5.7 AI score | 0.02121 EPSS
Exploits: 3 | References: 3 | Affected Software: 1

OSV
added 2026/02/25 3:41 a.m. | 2 views

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All (a common configuration), an...

8.8 CVSS | 5.9 AI score | 0.02121 EPSS
Exploits: 3 | References: 5

ATTACKERKB
added 2026/02/25 3:41 a.m. | 4 views

CVE-2026-27636

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All (a common configuration), an...

9.8 CVSS | 5.7 AI score | 0.02121 EPSS
Exploits: 4 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/02/25 3:41 a.m. | 3 views

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All (a common configuration), an...

8.8 CVSS | 5.7 AI score | 0.02121 EPSS
Exploits: 3 | References: 3

Positive Technologies
added 2026/02/25 12:00 a.m. | 5 views

PT-2026-21853

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.206. Description: FreeScout, a PHP-based help desk and shared inbox application built on the Laravel framework, contains a flaw in its file upload restrictions. Prior to version 1.8.206, the application does not...

8.8 CVSS | 5.7 AI score | 0.02121 EPSS
Exploits: 3 | References: 30

RedHat Linux
added 2026/02/23 7:20 p.m. | 2 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP Server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS | 5.7 AI score | 0.015 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/02/23 7:20 p.m. | 0 views

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the Apache HTTP Server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

6.5 CVSS | 5.7 AI score | 0.00758 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/02/23 7:20 p.m. | 1 view

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP Server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

7.5 CVSS | 5.8 AI score | 0.00402 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/02/23 7:19 p.m. | 3 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 7.3 AI score | 0.48666 EPSS
Exploits: 7 | References: 9

Debian CVE
added 2026/02/17 6:48 p.m. | 5 views

CVE-2025-66614

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

9.1 CVSS | 7.1 AI score | 0.00235 EPSS
Exploits: 0

Positive Technologies
added 2026/02/14 12:00 a.m. | 3 views

PT-2026-8287

CVE-2026-26297 - Apache HTTP Server File Inclusion. CVE ID: CVE-2026-26297. Published: Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/14 12:00 a.m. | 4 views

PT-2026-8290

CVE-2026-26300 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2026-26300. Published: Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/13 12:00 a.m. | 4 views

PT-2026-8233

CVE-2026-26257 - Apache HTTP Server Unvalidated User Input. CVE ID: CVE-2026-26257. Published: Feb. 13, 2026, 4:15 a.m. | 3 hours, 16 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/13 12:00 a.m. | 2 views

PT-2026-8270

CVE-2024-34157 - Apache HTTP Server Unvalidated User Input. CVE ID: CVE-2024-34157. Published: Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago. Description: Rejected reason: reserved but not needed. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products,...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/13 12:00 a.m. | 4 views

PT-2026-8276

CVE-2025-58184 - Apache HTTP Server Reserved but Not Needed Information Disclosure. CVE ID: CVE-2025-58184. Published: Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago. Description: Rejected reason: reserved but not needed. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/12 12:00 a.m. | 3 views

PT-2026-8170

CVE-2026-26088 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2026-26088. Published: Feb. 12, 2026, 5:17 a.m. | 2 hours, 9 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/11 12:00 a.m. | 3 views

PT-2026-7982

CVE-2026-26044 - Apache HTTP Server Unvalidated User Input. CVE ID: CVE-2026-26044. Published: Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/11 12:00 a.m. | 5 views

PT-2026-7974

CVE-2026-26036 - Apache HTTP Server Authentication Bypass. CVE ID: CVE-2026-26036. Published: Feb. 11, 2026, 5:16 a.m. | 2 hours, 5 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/10 12:00 a.m. | 3 views

PT-2026-7820

CVE-2026-25973 - "Apache HTTP Server Cross-Site Request Forgery". CVE ID: CVE-2026-25973. Published: Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1