CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

RedhatCVE•added 2026/06/18 2:43 p.m.•8 views

CVE-2026-34355

A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system. Mitigation Disable the modproxyhtml module if...

7.5CVSS5.3AI score0.00565EPSS

Exploits0References4

OSV•added 2026/06/10 8:39 a.m.•7 views

BIT-APACHE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00562EPSS

Exploits0References3

AlpineLinux•added 2026/06/08 3:11 p.m.•8 views

CVE-2026-44186

7.3CVSS5.4AI score0.00562EPSS

Exploits0

EUVD•added 2026/05/09 12:43 a.m.•8 views

EUVD-2026-28877

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS6AI score0.00372EPSS

Exploits0References1

CVE•added 2026/05/04 2:40 p.m.•44 views

CVE-2026-33523

CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...

6.5CVSS5.8AI score0.00436EPSS

Exploits0References2Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Apache2

Before Apache HTTP Server 2.4.55, a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers serve any security purposes, they will not be interpreted by the client...

5.3CVSS6.6AI score0.57941EPSS

Exploits0References2

RedhatCVE•added 2026/04/23 7:12 p.m.•4 views

CVE-2026-41179

A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...

9.8CVSS6.2AI score0.08375EPSS

Exploits1References7

Vulnrichment•added 2025/12/01 10:45 p.m.•7 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

7.1CVSS7.7AI score0.00575EPSS

Exploits0References3

OSV•added 2025/12/01 10:45 p.m.•3 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

7.1CVSS8AI score0.00575EPSS

Exploits0References5

RedHat Linux•added 2024/11/12 9:33 a.m.•5 views

httpd: HTTP response splitting

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...

7.3CVSS7.1AI score0.03914EPSS

Exploits0References5

RedHat Linux•added 2024/09/24 11:46 a.m.•4 views

httpd: HTTP response splitting

7.3CVSS7.1AI score0.03914EPSS

Exploits0References5

OSV•added 2024/08/27 7:55 p.m.•3 views

CLSA-2024-1724788546 Fix of 5 CVEs

SECURITY UPDATE: http server use exploitable/malicious backend application - debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-38476 SECURITY UPDATE: modules regression introduced by...

9.8CVSS7.1AI score0.99957EPSS

Exploits4References1

RedHat Linux•added 2024/07/01 8:12 a.m.•3 views

httpd: HTTP response splitting

7.3CVSS7.1AI score0.03914EPSS

Exploits0References5

RedhatCVE•added 2024/04/04 7:32 p.m.•102 views

CVE-2023-38709

6.8CVSS7.1AI score0.03914EPSS

Exploits0References4

OSV•added 2024/03/06 10:51 a.m.•74 views

BIT-APACHE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

5.3CVSS7.3AI score0.57941EPSS

Exploits0References3

AlpineLinux•added 2023/12/12 8:15 p.m.•27 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

3.8CVSS6.9AI score0.00181EPSS

Exploits0