
61067 matches found

EUVD
added 2026/05/05 3:31 p.m. | 4 views

EUVD-2026-27321

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 2
OSV
added 2026/05/05 2:16 p.m. | 3 views

DEBIAN-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 1
OSV
added 2026/05/05 2:16 p.m. | 1 views

ALPINE-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 1
NVD
added 2026/05/05 2:16 p.m. | 8 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | EPSS 0.00628
Exploits: 0 | References: 2
GithubExploit
added 2026/05/05 1:44 p.m. | 130 views

Exploit for Double Free in Apache Http_Server

Apache HTTP Server: http2: Double Free and possible RCE on e...

CVSS 8.8 | AI score 5.8 | EPSS 0.06759
Exploits: 15
Vulnrichment
added 2026/05/05 1:10 p.m. | 5 views

CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/05 1:10 p.m. | 5 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/05 1:10 p.m. | 84 views

CVE-2026-29168

CVE-2026-29168 affects Apache HTTP Server’s mod_md and is due to an Allocation of Resources Without Limits or Throttling via OCSP response data. Affected are Apache httpd versions 2.4.30 through 2.4.66; upgrading to 2.4.67 fixes the issue. The vulnerability description consistently notes this as ...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2026/05/05 1:10 p.m. | 6 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits: 0
Veracode
added 2026/05/05 12:6 p.m. | 6 views

Insecure Deserialization

org.apache.camel, camel-mina is vulnerable to insecure deserialization. The vulnerability is due to the MinaConverter.toObjectInputIoBuffer method wrapping untrusted data in a java.io.ObjectInputStream without applying filtering or class restrictions, which allows an attacker to send crafted...

CVSS 8.8 | AI score 6.3 | EPSS 0.00733
Exploits: 1 | References: 5 | Affected Software: 1
Veracode
added 2026/05/05 11:48 a.m. | 9 views

Deserialization Of Untrusted Data

Apache MINA is vulnerable to deserialization of untrusted data. The vulnerability is due to missing class validation in the AbstractIoBuffer.resolveClass method, which bypasses the classname allowlist and allows an attacker to execute arbitrary code via crafted serialized input...

CVSS 9.8 | AI score 6.2 | EPSS 0.0064
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2026/05/05 11:37 a.m. | 2 views

CVE-2026-40022

A flaw was found in the Apache Camel embedded HTTP server and embedded management server camel-platform-http-main. When authentication is enabled and a non-root context path is configured, the authentication handler incorrectly matches only the exact configured path, not its subpaths. This allows...

CVSS 8.2 | AI score 5.7 | EPSS 0.00455
Exploits: 0 | References: 5
GithubExploit
added 2026/05/05 11:31 a.m. | 171 views

Exploit for Double Free in Apache Http_Server

CVE-2026-23918-test This repository contains a Proof of Concep...

CVSS 8.8 | AI score 5.8 | EPSS 0.06759
Exploits: 15
RedhatCVE
added 2026/05/05 11:27 a.m. | 2 views

CVE-2026-40048

A flaw was found in Apache Camel. The FileBasedKeyLifecycleManager class deserializes key files without proper validation, allowing an attacker who can write to the key directory to place a specially crafted serialized Java object. When this object is deserialized during normal key operations, it...

CVSS 7.8 | AI score 6.3 | EPSS 0.00325
Exploits: 0 | References: 5
Veracode
added 2026/05/05 11:24 a.m. | 7 views

Header Injection

Apache Camel is vulnerable to Header Injection. The vulnerability is due to missing inbound header filtering in the MailHeaderFilterStrategy, which allows an attacker to inject malicious Camel-specific headers via email and manipulate downstream component behavior...

CVSS 9.4 | AI score 5.8 | EPSS 0.00393
Exploits: 0 | References: 8 | Affected Software: 3
Veracode
added 2026/05/05 10:48 a.m. | 3 views

Improper Validation Of Certificate

Apache Thrift is vulnerable to Improper Validation of Certificate. The vulnerability is due to improper validation of certificates against the host name, which allows an attacker to perform man-in-the-middle attacks by presenting a mismatched or malicious certificate...

CVSS 7.4 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 2 | Affected Software: 2
Atlassian
added 2026/05/05 10:29 a.m. | 21 views

HTTP Request/Response Smuggling Apache Tomcat Dependency in Confluence Data Center

This High severity HTTP Request/Response Smuggling vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This HTTP Request/Response Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 5.8 | EPSS 0.00453
Exploits: 0
GithubExploit
added 2026/05/05 9:52 a.m. | 119 views

Exploit for Double Free in Apache Http_Server

☣️ CVE-2026-23918-Elite-Auditor ☣️ Professional Intelligenc...

CVSS 8.8 | AI score 5.8 | EPSS 0.06759
Exploits: 15
EUVD
added 2026/05/05 9:31 a.m. | 4 views

EUVD-2026-27245

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

AI score 5.8 | EPSS 0.00394
Exploits: 0 | References: 3
EUVD
added 2026/05/05 9:31 a.m. | 15 views

EUVD-2026-27243

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00376
Exploits: 0 | References: 2