Overview

  • Apache Software Foundation
  • Apache HTTP Server

04 May 2026
Published
05 May 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Statistics

  • 2 Posts
  • 11 Interactions

Last activity: 17 hours ago

Fediverse

Several vulnerabilities in HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:

- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset

- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack

httpd.apache.org/security/vuln

  • 5
  • 6
  • 0
  • 21h ago

Bluesky

Apache HTTP Server vulnerabilities (Important: CVE-2026-23918, Moderate: CVE-2026-24072, CVE-2026-33006, Low: multiple) and the 2.4.67 release #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Apache Software Foundation
  • Apache HTTP Server

04 May 2026
Published
04 May 2026
Updated

CVSS
Pending
EPSS
0.12%

KEV

Description

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Statistics

  • 2 Posts
  • 11 Interactions

Last activity: 17 hours ago

Overview

  • Pending

08 Apr 2011
Published
06 Aug 2024
Updated

CVSS
Pending
EPSS
73.50%

KEV

Description

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

Not sure if it was a good idea to look this closely: CVE-2026-42511 (#freebsd) looks awfully similar to CVE-2011-0997 (isc-dhcp).

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Progress Software
  • MOVEit Automation

30 Apr 2026
Published
01 May 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
0.10%

KEV

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Progress patches critical MOVEit Automation flaws CVE-2026-4670 (auth bypass, CVSS 9.8) and CVE-2026-5174 (input validation, CVSS 7.7) allowing unauthorized admin access. Fixes released for versions <=2025.1.4. #MOVEit #Airbus #Vulnerability
  • 0
  • 0
  • 0
  • 19h ago