CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free

Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

PT-2026-47325

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...

PT-2026-47319

Name of the Vulnerable Software and Affected Versions Apache versions prior to 2.4.68 Description A path handling issue in the mod dav fs module allows a WebDAV content author to directly manipulate trusted DAV property databases, which can potentially lead to child process crashes. Recommendatio...

PT-2026-47314

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A cross-site scripting issue exists in the HTML directory list generation of mod proxy ftp when listing FTP directory contents through forward or reverse proxy configurations...

PT-2026-47322

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description Improper Privilege Management allows local .htaccess authors to read files using the privileges of the httpd user. Recommendations Upgrade to version 2.4.68...

PT-2026-47331

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.55 through 2.4.67 Description A Use After Free issue exists in the mod http2 module of Apache HTTP Server, which occurs when file handles are already exhausted. Use After Free is a memory corruption flaw where a...

Debian dla-4620 : apache2 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4620 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4620-1 [email protected] https://www.debian.org/lts/security/...

RHEL 8 : httpd:2.4 (RHSA-2026:22140)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22140 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2026-2170)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

USN-8384-1 apache2 vulnerability

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

PT-2026-46876

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

ALSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

Linux Distros Unpatched Vulnerability : CVE-2026-48827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload- pack, git-receive-pack, and other git operations allows...

Apache httpd -- DoS exploit in HTTP/2

Calif security reports: Remote DoS in modhttp2...

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

USN-8338-2: Apache HTTP Server regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...