CVE-2026-29167

The CVE affects Apache HTTP Server 2.4.0–2.4.67 with mod_ldap in per-directory configuration, caused by a use-after-free in the LDAP handling path. Remediation is upgrade to Apache HTTP Server 2.4.68, which contains the fix. No exploitation details are provided in the documents.

CVE-2026-29167

Use After Free vulnerability in Apache HTTP Server with modldap in pe...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the proftpd-mod-ldap package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...