CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

OSV•added 2026/03/06 12:43 p.m.•3 views

OESA-2026-1529 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

8.3CVSS5.8AI score0.00145EPSS

Exploits0References5

OSV•added 2026/01/14 1:6 p.m.•4 views

CLSA-2026-1767949942 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...

8.3CVSS7.2AI score0.00018EPSS

Exploits0References1

RedHat Linux•added 2026/01/06 1:23 a.m.•2 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

8.3CVSS5.7AI score0.00018EPSS

Exploits0References5

RedHat Linux•added 2026/01/05 2:1 a.m.•1 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

8.3CVSS5.7AI score0.00018EPSS

Exploits0References5

RedhatCVE•added 2025/12/08 10:40 p.m.•1 views

CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

8.3CVSS6.4AI score0.00018EPSS

Exploits0References4