19025 matches found

ATTACKERKB
•added 2026/05/05 12:0 a.m.•6 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGE_SLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

AI score: 5.8 | EPSS: 0.15394
Exploits: 3 | References: 4

CNNVD
•added 2026/05/05 12:0 a.m.•11 views

MeiG FORGE_SLT711 operating system command injection vulnerability

MeiG FORGE_SLT711 is an industrial-grade wireless communication module developed by MeiG Corporation. MeiG FORGE_SLT711 has a vulnerability related to operating system command injection. This vulnerability stems from issues with the /action/SetRemoteAccessCfg endpoint in the GoAhead Web server, whi...

CVSS: 9.1 | AI score: 5.9 | EPSS: 0.15394
Exploits: 3 | References: 2

Vulnrichment
•added 2026/05/05 12:0 a.m.•8 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGE_SLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

AI score: 5.8 | EPSS: 0.15394
Exploits: 3 | References: 3

Positive Technologies
•added 2026/05/05 12:0 a.m.•16 views

PT-2026-37044

Name of the Vulnerable Software and Affected Versions: MeiG Smart FORGE SLT711 version MDM9607.LE.1.0-00110-STD.PROD-1. Description: The GoAhead web server allows unauthenticated OS command injection, a flaw where an attacker can execute arbitrary operating system commands on the device. This issue...

CVSS: 9.1 | AI score: 6 | EPSS: 0.15394
Exploits: 3 | References: 7

Tenable Nessus
•added 2026/05/05 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgra...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00557
Exploits: 1 | References: 3

Tenable Nessus
•added 2026/05/05 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-23918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended ...

CVSS: 8.8 | AI score: 6 | EPSS: 0.4581
Exploits: 16 | References: 3

CVE
•added 2026/05/05 12:0 a.m.•26 views

CVE-2026-36356

The CVE-2026-36356 issue affects MeiG Smart FORGE_SLT711 devices running firmware MDM9607.LE.1.0-00110-STD.PROD-1, where the GoAhead web server exposes an unauthenticated /action/SetRemoteAccessCfg endpoint that injects user input into a shell command via sprintf()/system(), enabling arbitrary co...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.15394
In wild | Exploits: 3 | References: 3

Tenable Nessus
•added 2026/05/05 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00514
Exploits: 0 | References: 3

RedhatCVE
•added 2026/05/04 8:21 p.m.•7 views

CVE-2026-7554

A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitatio...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.01097
Exploits: 1 | References: 1

NVD
•added 2026/05/04 3:16 p.m.•11 views

CVE-2026-33007

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 5.3 | EPSS: 0.00514
Exploits: 0 | References: 2

OSV
•added 2026/05/04 3:16 p.m.•4 views

DEBIAN-CVE-2026-33007

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00514
Exploits: 0 | References: 1

NVD
•added 2026/05/04 3:16 p.m.•13 views

CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 4.8 | EPSS: 0.00557
Exploits: 1 | References: 2

OSV
•added 2026/05/04 3:16 p.m.•5 views

DEBIAN-CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00557
Exploits: 1 | References: 1

Debian CVE
•added 2026/05/04 2:48 p.m.•4 views

CVE-2026-29169

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00594
Exploits: 0

CVE
•added 2026/05/04 2:44 p.m.•84 views

CVE-2026-23918

CVE-2026-23918 is a vulnerability in Apache HTTP Server affecting version 2.4.66 with the HTTP/2 protocol, described as a double free and possible remote code execution. The issue may impact confidentiality, integrity, and availability (per the CVSS 3.1 metrics: base score 8.8, high impact). Reme...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.4581
Exploits: 16 | References: 6 | Affected Software: 1

Cvelist
•added 2026/05/04 2:44 p.m.•78 views

CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

EPSS: 0.4581
Exploits: 16 | References: 1

AlpineLinux
•added 2026/05/04 2:42 p.m.•4 views

CVE-2026-33006

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00557
Exploits: 1

Vulnrichment
•added 2026/05/04 2:41 p.m.•5 views

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

AI score: 5.8 | EPSS: 0.00514
Exploits: 0 | References: 1

Vulnrichment
•added 2026/05/04 2:40 p.m.•5 views

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

AI score: 5.8 | EPSS: 0.00436
Exploits: 0 | References: 1

AlpineLinux
•added 2026/05/04 2:40 p.m.•4 views

CVE-2026-33523

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00436
Exploits: 0