CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.9AI score0.00758EPSS

ALPINE-CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

NVD•added 2025/12/05 11:15 a.m.•5 views

CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

7.5CVSS0.00402EPSS

Exploits0References2

OSV•added 2025/12/05 11:15 a.m.•4 views

AZL-71851 CVE-2025-55753 affecting package mod_md 2.2.7-4

7.5CVSS5.8AI score0.00402EPSS

CVE-2025-55753

7.5CVSS7.1AI score

Exploits0References2

7.5CVSS5.8AI score0.00402EPSS

AZL-71858 CVE-2025-55753 affecting package mod_md 2.4.26-3

7.5CVSS5.8AI score0.00402EPSS

UBUNTU-CVE-2025-55753

Exploits0References5

AlpineLinux•added 2025/12/05 11:2 a.m.•5 views

CVE-2025-66200

moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

5.4CVSS7AI score0.00569EPSS

CVE•added 2025/12/05 10:46 a.m.•426 views

CVE-2025-65082

CVE-2025-65082 affects Apache HTTP Server 2.4.0–2.4.65, due to improper neutralization of Escape, Meta, or Control sequences in environment variables set via Apache config, which can supersede server-calculated CGI variables. The issue, identified across multiple advisories (Debian DLA-4452-1, AL...

6.5CVSS6.5AI score0.00758EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/12/05 10:46 a.m.•2 views

CVE-2025-65082 Apache HTTP Server: CGI environment variable override

6.5AI score0.00758EPSS

AlpineLinux•added 2025/12/05 10:46 a.m.•4 views

CVE-2025-65082

6.5CVSS7AI score0.00758EPSS

AlpineLinux•added 2025/12/05 10:17 a.m.•5 views

CVE-2025-59775

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

7.5CVSS7AI score0.00771EPSS

Vulnrichment•added 2025/12/05 10:12 a.m.•2 views

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals

6.8AI score0.00402EPSS

AlpineLinux•added 2025/12/05 10:12 a.m.•4 views

CVE-2025-55753

7.5CVSS7.3AI score0.00402EPSS

CNNVD•added 2025/12/05 12:0 a.m.•5 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

7.5CVSS6.4AI score0.00771EPSS

Exploits0References4

Slackware Linux•added 2025/12/04 10:33 p.m.•8 views

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.66-i586-1slack15.0.txz: Upgraded. This release fixes bugs and the following security issues: moduserdir+suexec bypass via...

8.3CVSS7AI score0.015EPSS

OpenVAS•added 2025/12/04 12:0 a.m.•6 views

Apache HTTP Server < 2.4.66 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

8.3CVSS7.5AI score0.015EPSS

Exploits0References3

Tenable Nessus•added 2025/12/04 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-55753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer...

7.5CVSS7.2AI score0.00402EPSS

Exploits0References2

Positive Technologies•added 2025/11/26 12:0 a.m.•2 views

PT-2025-48331

CVE-2025-66235 - Apache Server HTTP Header Injection CVE ID : CVE-2025-66235 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7AI score

Positive Technologies•added 2025/11/26 12:0 a.m.•2 views

PT-2025-48326

CVE-2025-66230 - Apache HTTP Server Unvalidated Redirect CVE ID : CVE-2025-66230 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7AI score

Positive Technologies•added 2025/11/24 12:0 a.m.•2 views

PT-2025-48028

CVE-2025-13594 - Apache HTTP Server Command Injection Vulnerability CVE ID : CVE-2025-13594 Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and...

7.3AI score