CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
MGASA-2025-0322 Updated apache packages fix security vulnerabilities
Apache HTTP Server: mod_md (ACME), unintended retry intervals. CVE-2025-55753 Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. CVE-2025-58098 Apache HTTP Server: CGI environment...
Cross-site Scripting
Apache SkyWalking is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...
Server-Side Request Forgery (SSRF)
apache.nms.amqp is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper URL resolution in the createRequestUrl function that treats paths beginning with // or \ as schema-relative URLs, which allows an attacker to override the intended base URL and force the server...
Exploit for CVE-2025-66516
🚨 CVE-2025-66516 — Critical Apache Tika Vulnerability ...
Linux Distros Unpatched Vulnerability : CVE-2025-59775
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM...
PT-2026-20316
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.14; Apache Tomcat versions 10.1.0-M1 through 10.1.49; Apache Tomcat versions 9.0.0-M1 through 9.0.112; older, End-of-Life (EOL) versions are also affected. Description: Apache Tomcat does not properly lim...
Apache 2.4.x < 2.4.66 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially le...
Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
...
Apache HTTP Server: CGI environment variable override
...
Exploit for CVE-2025-66516
CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...
Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
...
KLA90892 SB vulnerabilities in Apache Tomcat
Security vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to bypass security restrictions. Original advisories Fixed in Apache Tomcat 9.0.113 Exploitation Related products Apache-Tomcat CVE list CVE-2025-66614 unknown CVE-2026-24733 unknown Solution...
Exploit for Improper Restriction of XML External Entity Reference in Apache Tika
Apache Tika XXE Vulnerability Tester CVE-2025-54988 A compr...
SUSE CVE-2025-55753
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...
SUSE CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
SUSE CVE-2025-59775
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...
SUSE CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
SUSE CVE-2025-66200
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core 1.13-3.2.1,...