20 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in apache2

Before Apache HTTP Server 2.4.55, a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers serve any security purposes, they will not be interpreted by the client...

CVSS 5.3 | AI score 6.7 | EPSS 0.00539
Exploits 0 | References 2
EUVD
added 2026/05/09 12:43 a.m., 6 views

EUVD-2026-28877

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

CVSS 8.1 | AI score 6 | EPSS 0.0002
Exploits 0 | References 1
CVE
added 2026/05/04 2:40 p.m., 18 views

CVE-2026-33523

CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...

CVSS 6.5 | AI score 5.8 | EPSS 0.0033
Exploits 0 | References 2 | Affected Software 1
RedhatCVE
added 2026/04/23 7:12 p.m., 1 view

CVE-2026-41179

A flaw was found in Rclone, a command-line program for syncing files with cloud storage. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, operations/fsinfo, to instantiate a malicious backend. This allows the attacker to execute arbitrary local commands during backen...

CVSS 9.8 | AI score 6.2 | EPSS 0.06827
Exploits 1 | References 7
Vulnrichment
added 2025/12/01 10:45 p.m., 5 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

CVSS 7.1 | AI score 7.7 | EPSS 0.00045
Exploits 0 | References 3
OSV
added 2025/12/01 10:45 p.m., 2 views

CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...

CVSS 7.1 | AI score 8 | EPSS 0.00045
Exploits 0 | References 5
RedHat Linux
added 2024/11/12 9:33 a.m., 3 views

httpd: HTTP response splitting

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...

CVSS 7.3 | AI score 7.1 | EPSS 0.04358
Exploits 0 | References 5
RedHat Linux
added 2024/09/24 11:46 a.m., 3 views

httpd: HTTP response splitting

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...

CVSS 7.3 | AI score 7.1 | EPSS 0.04358
Exploits 0 | References 5
OSV
added 2024/08/27 7:55 p.m., 2 views

CLSA-2024-1724788546 Fix of 5 CVEs

SECURITY UPDATE: http server use exploitable/malicious backend application - debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-38476 SECURITY UPDATE: modules regression introduced by...

CVSS 9.8 | AI score 7.1 | EPSS 0.93858
Exploits 4 | References 1
RedHat Linux
added 2024/07/01 8:12 a.m., 3 views

httpd: HTTP response splitting

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting...

CVSS 7.3 | AI score 7.1 | EPSS 0.04358
Exploits 0 | References 5
RedhatCVE
added 2024/04/04 7:32 p.m., 101 views

CVE-2023-38709

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers, resulting in an HTTP response splitting. Mitigation: Mitigation for this issue is either not available or t...

CVSS 6.8 | AI score 7.1 | EPSS 0.04358
Exploits 0 | References 4
OSV
added 2024/03/06 10:51 a.m., 73 views

BIT-APACHE-2022-37436 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVSS 5.3 | AI score 7.3 | EPSS 0.00539
Exploits 0 | References 3
AlpineLinux
added 2023/12/12 8:15 p.m., 27 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

CVSS 3.8 | AI score 6.9 | EPSS 0.00061
Exploits 0
UbuntuCve
added 2023/12/12 8:15 p.m., 21 views

CVE-2023-41337

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...

CVSS 6.7 | AI score 6.6 | EPSS 0.00061
Exploits 0 | References 2
OSV
added 2023/01/17 8:15 p.m., 0 views

ALPINE-CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVSS 5.3 | AI score 6.9 | EPSS 0.00539
Exploits 0 | References 1
Prion
added 2023/01/17 8:15 p.m., 28 views

Code injection

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVSS 5 | AI score 6.8 | EPSS 0.00539
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/01/17 8:15 p.m., 0 views

UBUNTU-CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...

CVSS 5.3 | AI score 6.8 | EPSS 0.00539
Exploits 0 | References 7
CNNVD
added 2022/03/10 12:00 a.m., 1 view

Linux race condition vulnerability

Linux is an open source operating system from the Linux Foundation in the United States. A security vulnerability exists in Linux PV devices that stems from a race condition and the lack of return code testing in Linux, where a malicious backend of a PV device front-end driver can access...

CVSS 7 | AI score 6.7 | EPSS 0.00112
Exploits 0 | References 14
CNNVD
added 2022/03/10 12:00 a.m., 1 view

Linux race condition vulnerability

Linux is an open source operating system from the Linux Foundation in the United States. A security vulnerability exists in Linux PV devices that stems from a race condition and the lack of return code testing in Linux, where a malicious backend of a PV device front-end driver can access...

CVSS 7 | AI score 6.7 | EPSS 0.00078
Exploits 0 | References 11
FreeBSD
added 2020/04/01 12:00 a.m., 74 views

Apache -- Multiple vulnerabilities

Apache Team reports: SECURITY: CVE-2020-1934 mod_proxy_ftp: Use of uninitialized value with malicious backend FTP server. SECURITY: CVE-2020-1927 rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters. The fix for...

CVSS 6.1 | AI score 3.7 | EPSS 0.27241
Exploits 0 | References 1