CVE-2026-2877

The CVE-2026-2877 affects Tenda A18 (firmware 15.13.07.13) in the Httpd Service’s /goform/WifiExtraSet endpoint. The issue is a stack-based overflow due to unsafe handling of strcpy on the wpapsk_crypto5g parameter, enabling remote initiation of an attack. Public disclosures exist (including NVD,...

CVE-2026-2202

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and...

CVE-2026-2203

The CVE-2026-2203 issue affects Tenda AC8 firmware v16.03.33.05 in the Embedded Httpd Service, specifically the /goform/fast_setting_wifi_set function. A flaw allows manipulation of the timeZone argument to trigger a buffer overflow, enabling remote exploitation. Public exploit activity is indica...

CVE-2026-2203 Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fastsettingwifiset of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is...

Tenda AC8 安全漏洞

The Tenda AC8 is a wireless router produced by the Chinese company Tenda. Version 16.03.33.05 of the Tenda AC8 contains a security vulnerability. This vulnerability stems from incorrect handling of the file/goform/fast-settingwifi-set parameter timeZone in the Embedded Httpd Service component,...

PT-2026-6986

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.33.05 Description A buffer overflow issue exists in the Embedded Httpd Service component of Tenda AC8. The flaw is located in the file '/goform/fast setting wifi set' and is triggered by manipulating the timeZone...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1171)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2026-1171)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2025-0240)

The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue...

CLSA-2026-1769099972 httpd: Fix of 2 CVEs

CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables and added regression tests - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...

SUSE CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

Azure Linux 3.0 Security Update: httpd (CVE-2024-38473)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...

CVE-2025-57155

Summary: CVE-2025-57155 affects owntone-server due to a NULL pointer dereference in the daap_reply_groups function (src/httpd_daap.c) triggered by a commit 5e6f19a, after version 28.2. This flaw allows remote attackers to cause a Denial of Service. What’s affected: owntone-server builds prior to ...

MiracleLinux 7 : httpd-2.4.6-99.1.0.3.el7.AXS7 (AXSA:2024-8720:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8720:05 advisory. CVE-2024-39884: modules: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix...

MiracleLinux 8 : httpd:2.4 (AXSA:2024-8660:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8660:01 advisory. httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 Tenable has extracted the preceding...

MiracleLinux 7 : httpd-2.4.6-98.7.0.1.el7.AXS7 (AXSA:2023-5265:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5265:04 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 9 : httpd-2.4.53-7.el9.5, mod_http2-1.15.19-3.el9.5 (AXSA:2023-5276:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5276:01 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 7 : httpd24-httpd-2.4.34-23.el7.1 (AXSA:2022-3021:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3021:01 advisory. httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : httpd-2.4.6-99.1.0.2.el7.AXS7 (AXSA:2024-8700:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8700:04 advisory. CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences CVE-2024-38475: modrewrite: server weakness in modrewrite...

MiracleLinux 8 : httpd:2.4 (AXSA:2024-8401:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8401:01 advisory. httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487...