
61005 matches found

Positive Technologies
added 3 days ago, 6 views

PT-2026-48460

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, commit d4d10006 "Expand validation to block .. in config file name and configver for improved security" added a line in app/modules/config/config.py:462. This is tuple-membership,...

CVSS 8.1, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 3
Positive Technologies
added 3 days ago, 6 views

PT-2026-48436

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...

CVSS 9.9, AI score 5.5, EPSS 0.00074
Exploits: 0, References: 2
AlmaLinux
added 3 days ago, 4 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a CVSS scor...

CVSS 7.5, AI score 5.5, EPSS 0.00421
Exploits: 4, References: 4
Positive Technologies
added 3 days ago, 5 views

PT-2026-48576

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...

AI score 6, EPSS 0.0026
Exploits: 0, References: 4
Tenable Nessus
added 3 days ago, 4 views

RHEL 9 : mod_http2 (RHSA-2026:25057)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25057 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote...

CVSS 7.5, AI score 5.5, EPSS 0.00421
Exploits: 4, References: 4
Positive Technologies
added 3 days ago, 5 views

PT-2026-48459

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches...

CVSS 8.3, AI score 5.5, EPSS 0.00048
Exploits: 0, References: 2
Positive Technologies
added 3 days ago, 6 views

PT-2026-48575

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue...

AI score 5.4, EPSS 0.00017
Exploits: 0, References: 3
OSV
added 3 days ago, 3 views

ALSA-2026:25090 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a CVSS scor...

CVSS 7.5, AI score 5.5, EPSS 0.00421
Exploits: 4, References: 4
Positive Technologies
added 3 days ago, 5 views

PT-2026-48456

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

CVSS 7.2, AI score 5.4, EPSS 0.00056
Exploits: 0, References: 2
Chainguard
added 4 days ago, 5 views

GHSA-5XRH-QMMQ-W6CH vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, seata, trino...

AI score 5.2
Exploits: 0
Chainguard
added 4 days ago, 7 views

CVE-2026-46340 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, seata, trino...

CVSS 7.5, AI score 5.1, EPSS 0.00042
Exploits: 0
Chainguard
added 4 days ago, 7 views

GHSA-XMV7-R254-6Q78 vulnerabilities

Vulnerabilities for packages: infinispan, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-4.1, seata, strimzi-kafka-operator-fips, trino, zipkin, elasticsearch-fips, management-api-for-apache-cassandra-4.0, camunda, request-9047-keycloak-fips, camunda-zeebe, flyway,...

AI score 5.2
Exploits: 0
Chainguard
added 4 days ago, 5 views

GHSA-W573-9FFJ-6FF9 vulnerabilities

Vulnerabilities for packages: localstack, infinispan, s3proxy, apache-nifi, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, zookeeper, seata, apache-pulsar, zookeeper-fips, neo4j, zipkin, camunda, cassandra-fips, trino, camunda-zeebe, cassandra-reaper...

AI score 5.2
Exploits: 0
Chainguard
added 4 days ago, 13 views

CVE-2026-47244 vulnerabilities

Vulnerabilities for packages: localstack, infinispan, knative-kafka-broker, request-9047-keycloak-fips, apache-nifi, elasticsearch-fips, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, seata, apache-pulsar, strimzi-kafka-operator-fips, zipkin, camunda,...

CVSS 5.3, AI score 5.1, EPSS 0.00039
Exploits: 0
Chainguard
added 4 days ago, 5 views

CVE-2026-45673 vulnerabilities

Vulnerabilities for packages: infinispan, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-4.1, seata, strimzi-kafka-operator-fips, trino, zipkin, elasticsearch-fips, management-api-for-apache-cassandra-4.0, camunda, request-9047-keycloak-fips, camunda-zeebe, flyway,...

CVSS 6.8, AI score 5.1, EPSS 0.00029
Exploits: 0
Chainguard
added 4 days ago, 7 views

CVE-2026-47691 vulnerabilities

Vulnerabilities for packages: infinispan, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-4.1, seata, strimzi-kafka-operator-fips, trino, zipkin, elasticsearch-fips, management-api-for-apache-cassandra-4.0, camunda, request-9047-keycloak-fips, camunda-zeebe, flyway,...

CVSS 8.7, AI score 5.1, EPSS 0.00015
Exploits: 0
Chainguard
added 4 days ago, 7 views

GHSA-676X-F7GG-47VC vulnerabilities

Vulnerabilities for packages: infinispan, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-4.1, seata, strimzi-kafka-operator-fips, trino, zipkin, elasticsearch-fips, management-api-for-apache-cassandra-4.0, camunda, request-9047-keycloak-fips, camunda-zeebe, flyway,...

AI score 5.2
Exploits: 0
Chainguard
added 4 days ago, 5 views

GHSA-5X3R-WRVG-RP6Q vulnerabilities

Vulnerabilities for packages: localstack, infinispan, knative-kafka-broker, request-9047-keycloak-fips, apache-nifi, elasticsearch-fips, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, seata, apache-pulsar, strimzi-kafka-operator-fips, zipkin, camunda,...

AI score 5.2
Exploits: 0
Chainguard
added 4 days ago, 8 views

CVE-2026-45674 vulnerabilities

Vulnerabilities for packages: infinispan, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-4.1, seata, strimzi-kafka-operator-fips, trino, zipkin, elasticsearch-fips, management-api-for-apache-cassandra-4.0, camunda, request-9047-keycloak-fips, camunda-zeebe, flyway,...

CVSS 8.7, AI score 5.1, EPSS 0.00015
Exploits: 0
Chainguard
added 4 days ago, 6 views

GHSA-5PVG-856G-CP85 vulnerabilities

Vulnerabilities for packages: infinispan, knative-kafka-broker, apache-nifi, management-api-for-apache-cassandra-4.1, seata, strimzi-kafka-operator-fips, trino, zipkin, elasticsearch-fips, management-api-for-apache-cassandra-4.0, camunda, request-9047-keycloak-fips, camunda-zeebe, flyway,...

AI score 5.2
Exploits: 0