24h | 7d | 30d

CVE-2026-24072

Overview

  • Apache Software Foundation
  • Apache HTTP Server
04 May 2026
Published
05 May 2026
Updated
CVSS
Pending
EPSS
0.06%
KEV

Description

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Statistics

  • 2 Posts
  • 11 Interactions
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Harry Sintonen @harrysintonen

Several vulnerabilities in HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:

- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset

- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack

httpd.apache.org/security/vuln

  • 5
  • 6
  • 0
  • 21h ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
Apache HTTP Serverの脆弱性(Important: CVE-2026-23918, Moderate: CVE-2026-24072, CVE-2026-33006, Low:複数)と2.4.67リリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-33006

Overview

  • Apache Software Foundation
  • Apache HTTP Server
04 May 2026
Published
04 May 2026
Updated
CVSS
Pending
EPSS
0.12%
KEV

Description

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Statistics

  • 2 Posts
  • 11 Interactions
Last activity: 17 hours ago

Fediverse

Profile picture fallback
Harry Sintonen @harrysintonen

Several vulnerabilities in HTTP Server 2.4 have been fixed in release 2.4.67. The most severe of these are:

- CVE-2026-23918: Apache HTTP Server: http2: double free and possible RCE on early reset

- CVE-2026-24072: Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

- CVE-2026-33006: Apache HTTP Server: mod_auth_digest timing attack

httpd.apache.org/security/vuln

  • 5
  • 6
  • 0
  • 21h ago

Bluesky

Profile picture fallback
OMO @omo.bsky.social
Apache HTTP Serverの脆弱性(Important: CVE-2026-23918, Moderate: CVE-2026-24072, CVE-2026-33006, Low:複数)と2.4.67リリース #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 17h ago

CVE-2011-0997

Overview

  • Pending
08 Apr 2011
Published
06 Aug 2024
Updated
CVSS
Pending
EPSS
73.50%
KEV

Description

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
Hilko Bengen @hillu

Not sure if it was a good idea to look this closely: CVE-2026-42511 (#freebsd ) looks awfully similar to CVE-2011-0997 (isc-dhcp).

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-5174

Overview

  • Progress Software
  • MOVEit Automation
30 Apr 2026
Published
01 May 2026
Updated
CVSS v3.1
HIGH (7.7)
EPSS
0.10%
KEV

Description

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 1 Post
Last activity: 19 hours ago

Bluesky

Profile picture fallback
Cybersecurity News Everyday @hendryadrian.bsky.social
Progress patches critical MOVEit Automation flaws CVE-2026-4670 (auth bypass, CVSS 9.8) and CVE-2026-5174 (input validation, CVSS 7.7) allowing unauthorized admin access. Fixes released for versions <=2025.1.4. #MOVEit #Airbus #Vulnerability
  • 0
  • 0
  • 0
  • 19h ago
Showing 31 to 34 of 34 CVEs