Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11478 matches found

Positive Technologies
Positive Technologiesadded 2026/05/12 12:0 a.m.7 views

PT-2026-40121

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

6.4AI score0.00958EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-017605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017605 advisory. Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' Tenable has extracted the preceding description block directly from...

5.3CVSS6.8AI score0.36362EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-26528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mghttpservefile function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

9.1CVSS5.9AI score0.00334EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/11 12:0 a.m.5 views

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function getlogfile in the httpd component’s file/goform, which processes the parameter wan.flag, potentially allowin...

7.2CVSS5.8AI score0.0037EPSS
Exploits1References1
Snyk
Snykadded 2026/05/08 10:39 p.m.4 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HandleCreateSmPolicyRequest process when a downstream OpenAPI consumer call returns a 404 error and the response struct is nil. An attacker can cause the application to panic a...

8.7CVSS5.8AI score0.00059EPSS
Exploits1References3
GithubExploit
GithubExploitadded 2026/05/08 6:28 p.m.134 views

Exploit for Observable Timing Discrepancy in Apache Http_Server

CTT-enhanced-Apache-modauthdigest-timing-attack-exploit CTT-...

4.8CVSS5.8AI score0.00246EPSS
Exploits1
OSV
OSVadded 2026/05/08 5:43 a.m.2 views

BIT-JRE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS6.7AI score0.00606EPSS
Exploits0References15
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.6 views

PT-2026-38772

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS5.9AI score0.00203EPSS
Exploits0References11
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.6 views

PT-2026-38721

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS5.8AI score0.00606EPSS
Exploits0References16
OSV
OSVadded 2026/05/07 5:25 p.m.3 views

CLSA-2026-1778174697 httpd: Fix of 9 CVEs

CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...

9.8CVSS5.9AI score0.00648EPSS
Exploits2References1
OSV
OSVadded 2026/05/07 8:38 a.m.4 views

BIT-APACHE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

9.8CVSS5.8AI score0.00026EPSS
Exploits0References3
Microsoft CVE
Microsoft CVEadded 2026/05/07 8:12 a.m.4 views

Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

...

5.3CVSS5.8AI score0.00247EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/05/07 8:12 a.m.10 views

Apache HTTP Server: mod_md unrestricted OCSP response

...

7.3CVSS5.8AI score0.00049EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/05/07 8:12 a.m.7 views

Apache HTTP Server: mod_dav_lock indirect lock crash

...

7.5CVSS5.8AI score0.00644EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/05/07 8:11 a.m.8 views

Apache HTTP Server: mod_authn_socache crash

...

5.3CVSS5.8AI score0.00648EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/05/07 8:11 a.m.4 views

Apache HTTP Server: mod_auth_digest timing attack

...

4.8CVSS5.8AI score0.00246EPSS
Exploits1
Microsoft CVE
Microsoft CVEadded 2026/05/07 8:11 a.m.13 views

Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

...

5.3CVSS5.8AI score0.00247EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/07 12:0 a.m.13 views

PT-2026-38461

Heap-based Buffer Overflow vulnerability in mod proxy ajp of Apache HTTP Server. If mod proxy ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod proxy ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This...

9.8CVSS5.8AI score0.00026EPSS
Exploits0References4
OSV
OSVadded 2026/05/06 2:43 p.m.2 views

BIT-JAVA-MIN-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS6.7AI score0.00203EPSS
Exploits0References10
OSV
OSVadded 2026/05/06 2:43 p.m.3 views

BIT-JAVA-2022-21628

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3CVSS6.7AI score0.00203EPSS
Exploits0References10
Rows per page
Query Builder