UBUNTU-CVE-2026-33307

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

PT-2026-27302

Name of the Vulnerable Software and Affected Versions Mod gnutls versions prior to 0.12.3 Mod gnutls versions prior to 0.13.0 Description Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the...

CVE-2026-33231

A flaw was found in NLTK Natural Language Toolkit, specifically in the nltk.app.wordnetapp component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the local WordNet Browser HTTP server when it is running in its default...

📄 Cursor IDE MCP Deeplink Remote Code Execution

This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...

Exploit for Path Traversal in Apache Http_Server

https://n...

CVE-2026-33231

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

CVE-2026-33231

CVE-2026-33231 affects NLTK’s nltk.app.wordnet_app in versions 3.9.3 and earlier, where the WordNet Browser HTTP server started in default mode can be remotely shutdown by an unauthenticated GET request to /SHUTDOWN%20THE%20SERVER, causing a denial of service via os._exit(0). IBM’s bulletin/Secur...

CVE-2026-33231

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

Missing Authentication for Critical Function

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in WordNet Browser HTTP server in default configuration. An attacker can cause the service to...

GHSA-JM6W-M3J8-898G Unauthenticated remote shutdown in nltk.app.wordnet_app

Summary nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os.exit0, resulting in a denial of service. Details The...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache HTTP Server 2.4.49 Path Traversal / RC...

Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache Path Traversal & RCE Internship Tas...

io.micronaut.aws:micronaut-aws-alexa-httpserver (=5.0.0-M1), io.micronaut.aws:micronaut-function-aws-api-proxy (=5.0.0-M1) +38 more potentially affected by CVE-2026-33012 via io.micronaut:micronaut-http-server (>=5.0.0-M1 <=5.0.0-M15)

io.micronaut:micronaut-http-server MAVEN version =5.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M2 and more Source cves: CVE-2026-33012 Source advisory: SNYK:JAVA-IOMICRONAUT-15678683...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DefaultHtmlErrorResponseBodyProvider class. An attacker can exhaust heap memory and cause a crash by sending requests that trigger exceptions with attacker-controlled messages...

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2026-1487)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

Exploit for Out-of-bounds Write in Starnight Micro_Http_Server

💥 CVE-2023-50965 — Stack Buffer Overflow Exploit Linux Proo...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1430)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1536)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...