61155 matches found

Veracode
added 2026/02/05 5:48 a.m., 5 views

Authentication Bypass

Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is due to improper handling of the RequestHeader directive via AllowOverride FileInfo in .htaccess, which allows an attacker to cause CGI scripts to execute under an unexpected user ID...

5.4 CVSS, 7.3 AI score, 0.00569 EPSS
Exploits: 0, References: 3, Affected Software: 2

Veracode
added 2026/02/05 5:42 a.m., 5 views

Server-Side Request Forgery (SSRF)

Apache HTTP Server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of encoded and merged slashes when AllowEncodedSlashes is enabled and MergeSlashes is disabled on Windows, which allows an attacker to exploit crafted requests or malicious content ...

7.5 CVSS, 7.3 AI score, 0.00771 EPSS
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2026/02/05 4:59 a.m., 6 views

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes (SSI) with exec cmd="..." are used alongside mod_cgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

8.3 CVSS, 5.9 AI score, 0.015 EPSS
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2026/02/05 3:20 a.m., 3 views

GO-2026-4421 Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

7.5 CVSS, 5.4 AI score, 0.00619 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/02/05 12:0 a.m., 3 views

PT-2026-6525

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability in github.com/apache/answer. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positiv...

7.5 CVSS, 5.5 AI score, 0.00619 EPSS
Exploits: 0, References: 5

CNVD
added 2026/02/05 12:0 a.m., 5 views

Apache Continuum Command Injection Vulnerability

Apache Continuum is a continuous integration server from the Apache Foundation. Apache Continuum suffers from a command injection vulnerability that stems from improper neutralization of special elements in commands, which can be exploited by an attacker to invoke arbitrary commands on the server...

9.9 CVSS, 6.1 AI score, 0.03732 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/04 7:28 p.m., 3 views

CVE-2026-23794

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...

6.8 CVSS, 5.4 AI score, 0.00362 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/02/04 6:37 p.m., 11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload

Summary: IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects...

7.5 CVSS, 6.8 AI score, 0.63258 EPSS
Exploits: 1, Affected Software: 1

GithubExploit
added 2026/02/04 6:16 p.m., 140 views

Exploit for OS Command Injection in Apache Airflow

Example Build demo stand bash docker-compose up -d...

9.8 CVSS, 8.3 AI score, 0.3398 EPSS
Exploits: 1

OSV
added 2026/02/04 12:31 p.m., 3 views

GHSA-5W5R-8XC6-2XHW Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

8.7 CVSS, 5.4 AI score, 0.00619 EPSS
Exploits: 0, References: 4

Snyk
added 2026/02/04 12:31 p.m., 2 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview: Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation: Upgrade...

8.7 CVSS, 5.3 AI score, 0.00619 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/02/04 12:31 p.m., 4 views

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...

7.5 CVSS, 5.3 AI score, 0.00619 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/02/04 11:16 a.m., 4 views

CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5 CVSS, 5.4 AI score
Exploits: 0, References: 2

NVD
added 2026/02/04 11:16 a.m., 6 views

CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5 CVSS, 0.00619 EPSS
Exploits: 0, References: 2

EUVD
added 2026/02/04 10:41 a.m., 6 views

EUVD-2026-5384

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

7.5 CVSS, 5.3 AI score, 0.00619 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/04 10:41 a.m., 4 views

CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

5.3 AI score, 0.00619 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/04 10:41 a.m., 21 views

CVE-2026-24735

CVE-2026-24735 affects Apache Answer up to version 1.7.1. An unauthenticated API endpoint exposes the full revision history for deleted content, enabling unauthorized retrieval of restricted or sensitive information. Remediation: upgrade to version 2.0.0 (or later) where the issue is fixed. The a...

7.5 CVSS, 5.3 AI score, 0.00619 EPSS
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2026/02/04 10:41 a.m., 5 views

CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

5.3 AI score, 0.00619 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/02/04 10:41 a.m., 26 views

CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

0.00619 EPSS
Exploits: 0, References: 1

GithubExploit
added 2026/02/04 1:57 a.m., 197 views

Exploit for Missing XML Validation in Apache Struts

CVE-2025-68493 CVE-2025-68493 7. References 1 Apac...

8.1 CVSS, 6.1 AI score, 0.22475 EPSS
Exploits: 1