httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

Security Bulletin: A vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server and, in turn, by IBM Rational ClearQuest.

Summary IBM HTTP Server is utilized by IBM WebSphere Application Server, which in turn is used by the IBM Rational ClearQuest server. Details regarding security vulnerabilities impacting IBM HTTP Server have been released in an official security bulletin. Vulnerability Details Refer to the securi...

Multiple Vulnerabilities in Cosminexus HTTP Server

Overview Multiple vulnerabilities have been found in Cosminexus HTTP Server. CVE-2025-49630, CVE-2025-53020 These vulnerabilities does not apply if HTTP/2 protocol is disabled. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the...

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2024-43204 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

CLSA-2026-1770310535 java-1.8.0-openjdk: Fix of 3 CVEs

Upgrade to shenandoah-jdk8u482-b08 GA fixing the following CVE: - CVE-2026-21945: enhance certificate checking - CVE-2026-21925: improve JMX connections - CVE-2026-21933: improve HttpServer request handling...

PT-2026-8286

CVE-2026-26296 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2026-26296 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

PT-2026-8291

CVE-2026-26301 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26301 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-8293

CVE-2026-26303 - Apache HTTP Server Cross-Site Request Forgery CSRF CVE ID : CVE-2026-26303 Published : Feb. 14, 2026, 4:15 a.m. | 1 hour, 26 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline,...

RLSA-2026:0933 Important: java-25-openjdk security update

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fixes: JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945 libpng:...

PT-2026-8259

CVE-2025-35993 - Apache HTTP Server DNS Rebinding CVE ID : CVE-2025-35993 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link for more...

PT-2026-8264

CVE-2025-36526 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-36526 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link f...

PT-2026-8267

CVE-2025-36538 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-36538 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link fo...

PT-2026-8271

CVE-2025-36542 - Apache HTTP Server XML External Entity XXE Injection CVE ID : CVE-2025-36542 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visi...

PT-2026-8254

CVE-2025-32734 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-32734 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link f...

PT-2026-8225

CVE-2026-26249 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26249 Published : Feb. 13, 2026, 4:15 a.m. | 3 hours, 16 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-8278

CVE-2025-68125 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-68125 Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago Description : Rejected reason: reserved but not needed Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

PT-2026-8269

CVE-2024-34154 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2024-34154 Published : Feb. 13, 2026, 9:16 p.m. | 2 hours, 19 minutes ago Description : Rejected reason: reserved but not needed Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

PT-2026-8256

CVE-2025-35961 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-35961 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link f...

PT-2026-8228

CVE-2026-26252 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2026-26252 Published : Feb. 13, 2026, 4:15 a.m. | 3 hours, 16 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-8273

CVE-2025-36552 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-36552 Published : Feb. 13, 2026, 7:16 p.m. | 18 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link f...