Lucene search
K

727 matches found

NVD
NVD
added yesterday5 views

CVE-2026-8857

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-58030

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

5.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-58026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Parser/Parser.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-58038

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51640

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.4 Description A flaw in the trust mechanism allows arbitrary command execution when a directory contains task-include directories such as mise-tasks/, .mise/tasks/, etc. but lacks a configuration file. In this...

8.6CVSS6.1AI score0.00184EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.65 and earlier, with Server Side Includes SSI enabled and modcgid but not modcgi, pass the shell-escaped query string to the exec cmd="..." directives. This issue affects Apache HTTP Server versions prior to 2.4.66. Users are recommended to upgrade to version 2.4.66, which...

8.3CVSS7.1AI score0.015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.6 views

EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2026-2170)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

8.3CVSS5.6AI score0.015EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory. Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverri...

9.1CVSS7AI score0.04409EPSS
Exploits2References24
Github Security Blog
Github Security Blog
added 2026/05/28 10:39 p.m.19 views

Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...

7.7CVSS6AI score0.00307EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/26 9:51 a.m.10 views

OPENSUSE-SU-2026:20810-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

9.1CVSS7.1AI score0.04409EPSS
Exploits2References12
OSV
OSV
added 2026/05/26 9:46 a.m.3 views

SUSE-SU-2026:21846-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

9.1CVSS7AI score0.04409EPSS
Exploits2References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 1:8 p.m.14 views

Malicious code in lhisp-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/20 10:1 p.m.9 views

MAL-2026-4675 Malicious code in supership-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033 The package advertises itself as a local-only static analyzer README: "Runs locally. Your code never leaves the machine" and "What's never transmitte...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.15 views

EUVD-2026-29064

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

2.1CVSS5.8AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.9 views

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

3.8CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 5:23 p.m.24 views

CVE-2026-44777

CVE-2026-44777 affects the jq command-line JSON processor. In versions 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other, leading to a stack overflow during mutual module loading. The connected documents confirm t...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:50 p.m.9 views

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

2CVSS5.8AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/04/28 3:20 p.m.5 views

CLSA-2026-1777389615 Fix CVE(s): CVE-2024-45802

SECURITY UPDATE: multiple vulnerabilities in Edge Side Includes ESI processing - debian/rules: build with --disable-esi to remove the vulnerable ESI response processor matches the upstream Squid 6.10 default, where ESI support is disabled by default. - debian/control: drop libexpat1-dev and...

7.5CVSS5.8AI score0.45289EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/04/16 7:15 a.m.10 views

K000160829: Apache HTTP Server Vulnerabilities CVE-2025-55753, CVE-2025-58098, CVE-2025-59775

Security Advisory Description CVE-2025-55753 An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeed...

8.3CVSS7.1AI score0.015EPSS
Exploits0
NVD
NVD
added 2026/03/27 3:17 p.m.7 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS0.00202EPSS
Exploits1References2
Rows per page
Query Builder