CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61119 matches found

Cvelist•added 2026/04/02 3:55 p.m.•14 views

CVE-2025-65114 Apache Traffic Server: Malformed chunked message body allows request smuggling

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...

0.00428EPSS

Exploits0References1

CVE•added 2026/04/02 3:55 p.m.•29 views

CVE-2025-65114

CVE-2025-65114 affects Apache Traffic Server where malformed chunked messages enable HTTP request smuggling. Affected versions: 9.0.0–9.2.12 and 10.0.0–10.1.1. The issue is mitigated by upgrading to 9.2.13 or 10.1.2, which include the fix for the chunked encoding parser and related handling (Fedo...

7.5CVSS5.8AI score0.00428EPSS

Exploits0References1Affected Software1

CVE•added 2026/04/02 3:54 p.m.•8 views

CVE-2025-58136

Apache Traffic Server is affected by CVE-2025-58136 due to a bug in POST request handling that can crash the server under certain conditions. Affected versions are 10.0.0–10.1.1 and 9.0.0–9.2.12. The issue is fixed in 10.1.2 and 9.2.13; upgrading is recommended. As a workaround for older releases...

7.5CVSS5.9AI score0.00673EPSS

Exploits0References1Affected Software1

Debian CVE•added 2026/04/02 3:54 p.m.•5 views

CVE-2025-58136

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to...

7.5CVSS7.6AI score0.00673EPSS

Exploits0

CNNVD•added 2026/04/02 12:0 a.m.•5 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...

7.5CVSS7.4AI score0.00673EPSS

Exploits0References1

CNNVD•added 2026/04/02 12:0 a.m.•6 views

Apache Traffic Server 安全漏洞

Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Traffic Server versions 9.2.12 and earlier, as well as 10.1.1 and earlier versions. These vulnerabilities stem from an error ...

7.5CVSS5.8AI score0.00428EPSS

Exploits0References1

Positive Technologies•added 2026/04/02 12:0 a.m.•3 views

PT-2026-29792

7.5CVSS6AI score0.00673EPSS

Exploits0References7

Packet Storm News•added 2026/04/02 12:0 a.m.•1 views

Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure

Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, a...

5.9AI score

Exploits0

Positive Technologies•added 2026/04/02 12:0 a.m.•3 views

PT-2026-31712

Name of the Vulnerable Software and Affected Versions Apache Tomcat version 11.0.20 Apache Tomcat version 10.1.53 Apache Tomcat version 9.0.116 Description A fail-open regression in the Tribes clustering component allows the EncryptInterceptor to be bypassed. This occurs because failed decryption...

7.8CVSS7.5AI score0.01895EPSS

Exploits5References104

Positive Technologies•added 2026/04/02 12:0 a.m.•4 views

PT-2026-31711

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116 Description A flaw exists within the JsonAccessLogValve component of Apache Tomcat related to improper encoding or escaping of output...

9.1CVSS5.8AI score0.03645EPSS

Exploits7References121

RedhatCVE•added 2026/04/01 11:0 p.m.•4 views

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

7.5CVSS5.7AI score0.00575EPSS

Exploits1References1