CLSA-2026-1767949942 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix passes the shell-escaped query string to exec cmd="..." directives...

MiracleLinux 3 : python-2.4.3-44.0.1.AXS3 (AXSA:2011-183:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-183:01 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules,...

PT-2026-2970

Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...

MiracleLinux 4 : httpd-2.2.15-9.2.0.1.AXS4 (AXSA:2011-459:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-459:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2011-3192 The byterange filter in the...

CVE-2022-50891 Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...

CVE-2022-50890 Owlfiles File Manager 12.0.1 - Path Traversal

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...

EUVD-2026-2092

OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution...

MiracleLinux 9 : httpd-2.4.62-7.el9_7.3 (AXSA:2025-11631:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11631:11 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride...

MiracleLinux 8 : httpd:2.4 (AXSA:2026-017:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-017:01 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 modmd: Apache HTTP Server: modmd ACME, unintended retry intervals...

MiracleLinux 7 : httpd-2.4.6-99.1.0.8.el7.AXS7 (AXSA:2025-10561:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10561:05 advisory. CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow CVE-2006-20001: moddav: out-of-bounds read/write CVEs: CVE-2020-35452 Apache HTT...

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

PT-2026-2315

Name of the Vulnerable Software and Affected Versions OpenCode versions prior to 1.0.216 Description OpenCode, an open source AI coding agent, has an issue where it automatically starts an unauthenticated HTTP server. This allows any local process, or any website due to permissive CORS settings, ...

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...

CVE-2017-18429

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination SEC-291...

CVE-2011-0789

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors...

CVE-2020-12442

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250...

CVE-2023-45318

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability...

PT-2026-2237

CVE-2026-22634 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2026-22634 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

PT-2026-2234

CVE-2026-22631 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-22631 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2026-2236

CVE-2026-22633 - Apache HTTP Server HTTP Header Injection CVE ID : CVE-2026-22633 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...