|
851
|
8.8 |
HIGH
Network
|
-
|
-
|
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.
Update
|
CWE-611
XXE
|
CVE-2026-36765
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
852
|
8.8 |
HIGH
Network
|
-
|
-
|
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi…
Update
|
CWE-22
Path Traversal
|
CVE-2026-36762
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
853
|
7.5 |
HIGH
Network
|
-
|
-
|
Buffer Over-read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
New
|
CWE-126
Buffer Over-read
|
CVE-2026-34059
|
2026-05-5 03:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
854
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which f…
New
|
CWE-125
CWE-170
Out-of-bounds Read
Improper Null Termination
|
CVE-2026-34032
|
2026-05-5 03:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
855
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Out-of-bounds Read vulnerability in mod_proxy_ajp of
Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33857
|
2026-05-5 03:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
856
|
6.5 |
MEDIUM
Network
|
-
|
-
|
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.
This issue affects Apache HTTP Server: from through 2.4.66.
Users are rec…
New
|
CWE-443
DEPRECATED: HTTP response splitting
|
CVE-2026-33523
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
857
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.
…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-33007
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
858
|
- |
|
-
|
-
|
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.
Users are recommended to upgrade to version 2.4.67, which fixes th…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-33006
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
859
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
New
|
-
|
CVE-2026-2828
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
860
|
- |
|
-
|
-
|
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.
Users are recommended to upgra…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-24072
|
2026-05-5 03:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
