ZDNet

Apache's new security update for HTTP Server fixes two flaws

The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system. The first Apache ...
ZDNet

CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products

Cisco noted that one of the vulnerabilities in the mod_proxy module of Apache HTTP Server (httpd) could allow an unauthenticated, remote attacker to make the httpd server forward requests to an ...
Security Boulevard

CVE-2026-23918: Apache HTTP/2 Double-Free Vulnerability with Possible RCE

CVE-2026-23918 is a high-severity Apache HTTP/2 double-free flaw affecting version 2.4.66. Learn the root cause, who's at risk, and how to patch or mitigate it. The post CVE-2026-23918: Apache HTTP/2 ...

Apache HTTP Server: Highly critical flaws allow malicious code injection

In Apache HTTP Server 2.4.67, developers are patching several security vulnerabilities, some of which allow the injection of malicious code.
Bleeping Computer

Apache emergency update fixes incomplete patch for exploited bug

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability. Apache HTTP Server ...
Threat Post

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects. Don’t duck at the latest mention of Apache: ...
heise online

Security Updates: Apache HTTP Server and Tika are vulnerable

Attackers can exploit several security vulnerabilities to attack computers running Apache HTTP Server or Tika. The descriptions of the vulnerabilities suggest that attackers could compromise systems ...