Lucene search
K

988 matches found

Debian CVE
Debian CVE
added 2026/05/04 2:48 p.m.5 views

CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

7.5CVSS5.8AI score0.00594EPSS
Exploits0
CVE
CVE
added 2026/05/04 2:44 p.m.94 views

CVE-2026-23918

CVE-2026-23918 is a vulnerability in Apache HTTP Server affecting version 2.4.66 with the HTTP/2 protocol, described as a double free and possible remote code execution. The issue may impact confidentiality, integrity, and availability (per the CVSS 3.1 metrics: base score 8.8, high impact). Reme...

8.8CVSS5.8AI score0.4581EPSS
Exploits16References6Affected Software1
Cvelist
Cvelist
added 2026/05/04 2:44 p.m.97 views

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

0.4581EPSS
Exploits16References1
AlpineLinux
AlpineLinux
added 2026/05/04 2:42 p.m.5 views

CVE-2026-33006

A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

4.8CVSS5.8AI score0.00557EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/04 2:41 p.m.5 views

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.8AI score0.00514EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/04 2:40 p.m.4 views

CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/04 2:40 p.m.5 views

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.8AI score0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 2:40 p.m.130 views

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

0.00436EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 2:16 p.m.7 views

ALPINE-CVE-2026-34032

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 1:16 p.m.5 views

ALPINE-CVE-2026-34059

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 1:16 p.m.5 views

DEBIAN-CVE-2026-34059

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 1:7 p.m.5 views

EUVD-2026-26951

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00393EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 1:7 p.m.16 views

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.8AI score0.00393EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/04 12:54 p.m.5 views

CVE-2026-34032

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00485EPSS
Exploits0
EUVD
EUVD
added 2026/05/04 12:54 p.m.7 views

EUVD-2026-26953

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 12:54 p.m.128 views

CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

0.00485EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/04 12:39 p.m.8 views

CVE-2026-34059

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.5CVSS5.8AI score0.00394EPSS
Exploits0
CVE
CVE
added 2026/05/04 12:39 p.m.141 views

CVE-2026-34059

CVE-2026-34059 affects Apache HTTP Server up to version 2.4.66, with a vulnerability in the mod_proxy_ajp component: a heap over-read in the ajp_parse_data() path that can lead to memory disclosure. The public description in multiple sources confirms the issue and the recommended mitigation is to...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/04 12:39 p.m.137 views

CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

0.00394EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/04 12:37 p.m.5 views

CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS5.8AI score0.00654EPSS
Exploits1
Rows per page
Query Builder