Lucene search
K

315 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.4 views

httpd: NULL pointer dereference via specially crafted request

A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...

7.5CVSS7.1AI score0.00594EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2026/06/24 12:0 a.m.9 views

nginx:1.26 security update

1.26.3-9.0.1 - Require oracle-indexhtml 2:1.26.3-9 - Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 2:1.26.3-8 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-7 -...

9.2CVSS6.5AI score0.61469EPSS
Exploits40
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.4 views

httpd: NULL pointer dereference via specially crafted request

A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References5
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0041

The vulnerability of the ngxhttpdavmodule module in NGINX Plus and NGINX Open Source servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

8.8CVSS6.2AI score0.21621EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48813

Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...

7.1CVSS5.5AI score0.00072EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

9.1CVSS0.00538EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/08 3:14 p.m.12 views

CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

9.1CVSS5.3AI score0.00538EPSS
Exploits0
CVE
CVE
added 2026/06/08 3:14 p.m.201 views

CVE-2026-42535

CVE-2026-42535 affects Apache httpd’s mod_dav_fs in versions 2.4.67 and earlier. A path handling issue lets a WebDAV content author directly manipulate trusted DAV property databases, with the practical impact described as potential child process crashes. The recommended remediation is upgrading ...

9.1CVSS5.4AI score0.00538EPSS
Exploits0References2Affected Software1
Ubuntu
Ubuntu
added 2026/06/08 10:16 a.m.16 views

USN-8396-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...

9.8CVSS5.7AI score0.01376EPSS
Exploits1
OSV
OSV
added 2026/06/08 10:16 a.m.13 views

USN-8396-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. CVE-2026-24072 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP...

9.8CVSS5.7AI score0.01376EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.18 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-8375-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8375-1 advisory. It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SM...

9.2CVSS9.1AI score0.61469EPSS
Exploits43References13
RedhatCVE
RedhatCVE
added 2026/06/01 10:13 p.m.12 views

CVE-2026-45691

A flaw was found in Nextcloud Server. An attacker could reuse a pre-two-factor authentication 2FA session cookie as a Bearer token. This allows them to authenticate against DAV endpoints, granting unauthorized read and write access and bypassing the mandatory two-factor authentication. Mitigation...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 7:16 p.m.17 views

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 5:9 p.m.11 views

CVE-2026-45691

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 5:9 p.m.13 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 5:9 p.m.95 views

CVE-2026-45691

Summary: CVE-2026-45691 affects Nextcloud Server prior to 32.0.9 and 33.0.3, where a pre-2FA session cookie created after password auth but before TOTP could be reused as a Bearer token to access DAV endpoints, bypassing mandatory two-factor authentication and granting read/write access. Impact: ...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 5:9 p.m.41 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS0.0029EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 4:53 p.m.36 views

CVE-2026-45283 Nextcloud: Files Lock app allows users to lock and unlock files of other users

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

6.3CVSS0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Nextcloud Server 授权问题漏洞

NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 contained vulnerabilities related to authorization. These vulnerabilities stemmed from the possibility that the session cookie, which...

5.9CVSS5.3AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.25 views

PT-2026-45535

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 32.0.0 through 32.0.8 Nextcloud Server versions 33.0.0 through 33.0.2 Nextcloud Enterprise Server versions prior to 29.0.16.16 Nextcloud Enterprise Server versions prior to 30.0.17.9 Nextcloud Enterprise Server versio...

5.9CVSS6.1AI score0.0029EPSS
Exploits0References7
Rows per page
Query Builder