CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5645 matches found

Positive Technologies•added 2025/09/24 12:0 a.m.•2 views

PT-2025-39495

CVE-2025-59928 - Apache HTTP Server SQL Injection CVE ID : CVE-2025-59928 Published : Sept. 24, 2025, 3:15 a.m. | 4 hours, 7 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7.5AI score

Exploits0References1

Positive Technologies•added 2025/09/24 12:0 a.m.•2 views

PT-2025-39491

CVE-2025-59924 - Apache HTTP Server Command Injection CVE ID : CVE-2025-59924 Published : Sept. 24, 2025, 3:15 a.m. | 4 hours, 7 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.8AI score

Exploits0References1

Positive Technologies•added 2025/09/24 12:0 a.m.•2 views

PT-2025-39524

CVE-2025-59929 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-59929 Published : Sept. 24, 2025, 3:15 a.m. | 4 hours, 7 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4AI score

Exploits0References1

Positive Technologies•added 2025/09/24 12:0 a.m.•2 views

PT-2025-39490

CVE-2023-47538 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2023-47538 Published : Sept. 24, 2025, 3:15 a.m. | 4 hours, 7 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4AI score

Exploits0References1

Positive Technologies•added 2025/09/24 12:0 a.m.•2 views

PT-2025-39494

CVE-2025-59927 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-59927 Published : Sept. 24, 2025, 3:15 a.m. | 4 hours, 7 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.4AI score

Exploits0References1

Positive Technologies•added 2025/09/19 12:0 a.m.•2 views

PT-2025-38652

CVE-2025-59676 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-59676 Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4AI score

Exploits0References1

Positive Technologies•added 2025/09/19 12:0 a.m.•2 views

PT-2025-38641

CVE-2025-59671 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-59671 Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.5AI score

Exploits0References1

Positive Technologies•added 2025/09/19 12:0 a.m.•2 views

PT-2025-38642

CVE-2025-59672 - Apache HTTP Server Command Injection CVE ID : CVE-2025-59672 Published : Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.9AI score

Exploits0References1

Amazon•added 2025/09/15 12:0 a.m.•64 views

Medium: httpd

Issue Overview: A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Affected Packages: httpd Issue Correction: Run dnf update httpd --releasever 2023.8.202509...

6.3CVSS6.9AI score0.00924EPSS

Exploits0

Gitee•added 2025/09/13 5:41 p.m.•80 views

Exploit for Path Traversal in Apache Http_Server

This is a PoC exploit for CVE-2021-41773, a remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit targets the CGI enabled feature of these versions, allowing an attacker to execute arbitrary code on the server. The exploit is written in Python and uses...

7.5CVSS8.7AI score0.94391EPSS

Exploits144

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2025-2071)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3...

9.1CVSS7.6AI score0.00651EPSS

Exploits1References3

RedHat Linux•added 2025/09/08 7:4 p.m.•7 views

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.4AI score0.03545EPSS

Exploits1References5

RedHat Linux•added 2025/09/08 7:4 p.m.•5 views

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

9.1CVSS5.7AI score0.00058EPSS

Exploits1References5

Positive Technologies•added 2025/09/06 12:0 a.m.•2 views

PT-2025-36433

CVE-2025-58907 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58907 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.7AI score

Exploits0References1

Positive Technologies•added 2025/09/06 12:0 a.m.•2 views

PT-2025-36450

CVE-2025-58912 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58912 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.7AI score

Exploits0References1

Positive Technologies•added 2025/09/06 12:0 a.m.•2 views

PT-2025-36449

CVE-2025-58911 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58911 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.7AI score

Exploits0References1

Microsoft CVE•added 2025/09/04 3:26 a.m.•6 views

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

...

6.9CVSS7AI score0.00197EPSS

Exploits4

RedHat Linux•added 2025/09/03 1:23 p.m.•2 views

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

7.4CVSS5.7AI score0.00446EPSS

Exploits0References5

RedHat Linux•added 2025/09/02 8:3 p.m.•1 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS5.8AI score0.00651EPSS

Exploits0References5