CVE-2026-44186
- EPSS 0.56%
- Veröffentlicht 08.06.2026 15:11:12
- Zuletzt bearbeitet 11.06.2026 04:01:39
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to...
CVE-2026-29170
- EPSS 0.5%
- Veröffentlicht 08.06.2026 15:10:09
- Zuletzt bearbeitet 09.06.2026 16:21:31
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to up...
CVE-2026-29167
- EPSS 0.66%
- Veröffentlicht 08.06.2026 15:07:59
- Zuletzt bearbeitet 09.06.2026 16:29:16
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
CVE-2026-28780
- EPSS 1.33%
- Veröffentlicht 05.05.2026 22:16:00
- Zuletzt bearbeitet 09.07.2026 13:16:54
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled by...
CVE-2026-29168
- EPSS 0.63%
- Veröffentlicht 05.05.2026 14:16:08
- Zuletzt bearbeitet 06.05.2026 18:39:20
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which ...
CVE-2026-29169
- EPSS 0.59%
- Veröffentlicht 04.05.2026 14:48:29
- Zuletzt bearbeitet 05.05.2026 21:16:21
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_...
CVE-2026-23918
- EPSS 49.73%
- Veröffentlicht 04.05.2026 14:44:28
- Zuletzt bearbeitet 30.06.2026 03:17:35
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-33006
- EPSS 0.56%
- Veröffentlicht 04.05.2026 14:42:03
- Zuletzt bearbeitet 04.05.2026 20:23:31
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.
CVE-2026-33007
- EPSS 0.51%
- Veröffentlicht 04.05.2026 14:41:27
- Zuletzt bearbeitet 04.05.2026 20:22:13
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67,...
CVE-2026-33523
- EPSS 0.44%
- Veröffentlicht 04.05.2026 14:40:41
- Zuletzt bearbeitet 04.05.2026 20:21:15
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes ...