
61051 matches found

EUVD
added 2026/05/06 12:31 a.m., 6 views

EUVD-2026-27506

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

AI score: 5.8, EPSS: 0.00663
Exploits: 0, References: 3

CNNVD
added 2026/05/06 12:0 a.m., 4 views

Apache Wicket Authorization Issue Vulnerability

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions of Apache Wicket from 8.0.0 to 8.17.0, 9.0.0, and 10.0.0 to 10.8.0...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00379
Exploits: 0, References: 2

CNNVD
added 2026/05/06 12:0 a.m., 5 views

Apache Wicket Cross-Site Scripting Vulnerability

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions of Apache Wicket from 8.0.0 to 8.17.0, 9.0.0, and 10.0.0 to 10.8.0 ha...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00357
Exploits: 0, References: 2

CNNVD
added 2026/05/06 12:0 a.m., 7 views

Apache Wicket Information Disclosure Vulnerability

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions of Apache Wicket from 8.0.0 to 8.17.0, from 9.0.0 to 9.22.0, and from...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00394
Exploits: 0, References: 1

CNNVD
added 2026/05/06 12:0 a.m., 5 views

Apache Wicket Path Traversal Vulnerability

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00732
Exploits: 0, References: 1

Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-37431

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

AI score: 5.8, EPSS: 0.00394
Exploits: 0, References: 3

Positive Technologies
added 2026/05/06 12:0 a.m., 4 views

PT-2026-37383

Name of the Vulnerable Software and Affected Versions: Apache Wicket versions 8.0.0 through 8.17.0; Apache Wicket version 9.0.0; Apache Wicket versions 10.0.0 through 10.8.0. Description: Improper neutralization of input during web page generation allows for Cross-site Scripting (XSS), a flaw where an...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00357
Exploits: 0, References: 7

Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-37375

Name of the Vulnerable Software and Affected Versions: Apache Wicket versions 8.0.0 through 8.17.0; Apache Wicket version 9.0.0; Apache Wicket versions 10.0.0 through 10.8.0. Description: A session fixation attack is possible due to the missing invocation of the Servlet http web request method...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00379
Exploits: 0, References: 9

Packet Storm News
added 2026/05/06 12:0 a.m., 3 views

Apache HTTP Server 2.4.66 Double-Free / Remote Code Execution

Apache HTTP Server version 2.4.66 suffers from a double-free vulnerability related to the HTTP/2 protocol that can allow for remote code execution...

CVSS: 8.8, AI score: 6.3, EPSS: 0.06759
Exploits: 15

Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-37663

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00594
Exploits: 0, References: 5

Redos
added 2026/05/06 12:0 a.m., 5 views

ROS-20260506-73-0019

A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 9.1, AI score: 7.2, EPSS: 0.00235
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 3 views

ROS-20260506-73-0015

A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 6.5, AI score: 7.4, EPSS: 0.0053
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0016

A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 6.5, AI score: 7.4, EPSS: 0.0053
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0011

A vulnerability in the OCSP component of Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 7.5, AI score: 7, EPSS: 0.00218
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 1 view

ROS-20260506-73-0017

A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 6.5, AI score: 7.4, EPSS: 0.0053
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0012

A vulnerability in the OCSP component of Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 7.5, AI score: 7, EPSS: 0.00218
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 3 views

ROS-20260506-73-0013

A vulnerability in the OCSP component of Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 7.5, AI score: 7, EPSS: 0.00218
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0018

A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 9.1, AI score: 7.2, EPSS: 0.00235
Exploits: 0

Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0020

A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS: 9.1, AI score: 7.2, EPSS: 0.00235
Exploits: 0

Tenable Nessus
added 2026/05/06 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-28780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00663
Exploits: 0, References: 2