Lucene search
K

122 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 7:47 a.m.9 views

CVE-2025-62198

An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue...

5.8AI score0.00315EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 4:16 p.m.4 views

ALPINE-CVE-2026-34356

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.9AI score0.00682EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:16 p.m.30 views

UBUNTU-CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 3:11 p.m.13 views

EUVD-2026-35088

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in the modproxyftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00562EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 3:7 p.m.448 views

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

9.8CVSS5.4AI score0.00663EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There were security vulnerabilities in Apache HTTP Server versions 2.4.0 to 2.4.67. These...

7.5CVSS5.6AI score0.00682EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47313

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A Use After Free issue exists in Apache HTTP Server when using mod ldap in per-directory configuration. Use After Free occurs when an application continues to use a pointer after it...

9.8CVSS5.6AI score0.8377EPSS
Exploits10References135
OSV
OSV
added 2026/05/21 8:9 a.m.77 views

CLEANSTART-2026-GZ35045 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-gx3x-vq4p-mhhv, ghsa-hr2v-4r36-88hr, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2, ghsa-pjcq-xvwq-hhpj applied in versions: 2.4.0-r1, 2.4.0-r2, 2.4.0-r3

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.3AI score0.01027EPSS
Exploits5References83
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in openjpeg2

A flaw was discovered in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, resulting in an out-of-bounds read. The greatest threat from this vulnerability is system availability...

7.1CVSS6.4AI score0.01682EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.11 views

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

5.8AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.18 views

PT-2026-34150

Vulnerability in Oracle Fusion Middleware component: Dynamic Monitoring Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful...

5.4CVSS5.7AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 12:8 p.m.4 views

CVE-2026-3466 Cross-site scripting in dashlet title

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

8.5CVSS5.8AI score0.00228EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-28512

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirecturi values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 5:37 a.m.17 views

CVE-2026-4751

CVE-2026-4751 : Affected software is tmate before version 2.4.0. The vulnerability is a NULL pointer dereference in the tmate-io tmate component. The available documents do not provide explicit impact, exploit details, or remediation steps. If present, further specifics (impact scope, CVSS) would...

5.3CVSS5.8AI score0.00312EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 5:37 a.m.4 views

CVE-2026-4751 NULL Pointer Dereference in tmate-io tmate

NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0...

5.3CVSS5.9AI score0.00312EPSS
Exploits0References4
NVD
NVD
added 2026/03/13 7:54 p.m.11 views

CVE-2026-2859

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in deployagent endpoint, which could lead to information disclosure...

6.3CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32416 WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through = 2.4.0...

5.8AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

mold 安全漏洞

mold is a high-speed modern linker developed by Rui Ueyama as an individual contributor. Versions of mold 2.40.4 and earlier contained security vulnerabilities, which stemmed from a buffer overflow vulnerability in the function mold::ObjectFilemold::X8664::initializesections within the Object Fil...

5.3CVSS6.3AI score0.00127EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.7 views

CVE-2026-28513

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse...

8.5CVSS5.8AI score0.00257EPSS
Exploits1References1
NVD
NVD
added 2026/03/10 5:38 p.m.6 views

CVE-2026-28513

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.4.0, the OIDC token endpoint rejects an authorization code only when both the client ID is wrong and the code is expired. This allows cross-client code exchange and expired code reuse...

8.5CVSS0.00257EPSS
Exploits1References1
Rows per page
Query Builder