9771 matches found

OSV
added 2026/01/05 11:8 a.m., 3 views

SUSE-SU-2026:0019-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md ACME unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... (bsc#1254512) -...

8.3 CVSS, 5.8 AI score, 0.00145 EPSS
Exploits 0, References 9

RedHat Linux
added 2026/01/05 1:39 a.m., 1 view

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

8.3 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits 0, References 5

Packet Storm News
added 2026/01/02 12:0 a.m., 3 views

Revotech I6032W-FHW Authentication Bypass

The Revotech I6032W-FHW IP camera firmware contains an authentication bypass vulnerability in the /cgi-bin/jvsweb.cgi endpoint. The device does not validate the user.name and user.digest fields included in JSON-based API requests, allowing unauthenticated attackers to invoke administrative method...

7.1 AI score, 0.00072 EPSS
Exploits 2

Cvelist
added 2026/01/02 12:0 a.m., 20 views

CVE-2025-67158

An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request...

0.00072 EPSS
Exploits 2, References 2

Tenable Nessus
added 2026/01/02 12:0 a.m., 6 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-872)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-872 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

9.8 CVSS, 7.3 AI score, 0.01849 EPSS
Exploits 6, References 18

GithubExploit
added 2026/01/01 10:19 a.m., 157 views

Exploit for CVE-2025-67159

CVE-2025-67159 — Vatilon-based IP Cameras Summary Vatilon-...

6.8 AI score, 0.00015 EPSS
Exploits 2

GithubExploit
added 2025/12/30 5:49 p.m., 174 views

Exploit for OS Command Injection in Php

CVE-2024-4577 - PHP CGI Argument Injection Detection Lab A co...

9.8 CVSS, 5.9 AI score, 0.94374 EPSS
Exploits 100

RedhatCVE
added 2025/12/30 3:54 p.m., 6 views

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10 CVSS, 7 AI score, 0.0031 EPSS
Exploits 1, References 1

OSV
added 2025/12/29 4:51 p.m., 3 views

CLSA-2025-1767027096 httpd: Fix of CVE-2025-58098

CVE-2025-58098: prevent SSI args from being passed to CGI scripts...

8.3 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 1

NVD
added 2025/12/29 4:15 p.m., 6 views

CVE-2025-15194

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack...

10 CVSS, 0.0031 EPSS
Exploits 1, References 6

Tenable Nessus
added 2025/12/25 12:0 a.m., 1 view

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2025:4518-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4518-1 advisory. - CVE-2025-55753: Fixed mod_md ACME unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environme...

8.3 CVSS, 5.6 AI score, 0.00145 EPSS
Exploits 0, References 13

NVD
added 2025/12/24 8:16 p.m., 2 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

6.5 CVSS, 0.00037 EPSS
Exploits 1, References 1

NVD
added 2025/12/24 8:15 p.m., 4 views

CVE-2018-25152

Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/plweb.cgi/utilconfigloginact endpoint to add...

5.3 CVSS, 0.00026 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/12/24 7:40 p.m., 1 view

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

5.5 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits 1, References 1

CVE
added 2025/12/24 7:28 p.m., 9 views

CVE-2019-25249

The vulnerability CVE-2019-25249 affects devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1). The issue is an authentication bypass in the htmlmgr CGI script, allowing an attacker to enable hidden services (e.g., telnet, remote shell) and reboot the device to gain root access without a password by ma...

9.8 CVSS, 7.1 AI score, 0.00104 EPSS
Exploits 1, References 3

Cvelist
added 2025/12/24 7:28 p.m., 26 views

CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...

9.8 CVSS, 0.00104 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/12/24 7:27 p.m., 2 views

CVE-2019-25236 iSeeQ Hybrid DVR WH-H4 1.03R Unauthenticated Live Stream Disclosure

iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the getjpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/getjpeg endpoint without authentication...

9.8 CVSS, 6.6 AI score, 0.00096 EPSS
Exploits 1, References 3

Positive Technologies
added 2025/12/24 12:0 a.m., 1 view

PT-2025-53335

Name of the Vulnerable Software and Affected Versions: devolo dLAN 500 AV Wireless+ version 3.1.0-1. Description: The device contains a flaw that allows attackers to bypass authentication and enable hidden services through the htmlmgr CGI script. Attackers can enable services like telnet and remote...

9.8 CVSS, 6.9 AI score, 0.00104 EPSS
Exploits 1, References 5

Oracle linux
added 2025/12/24 12:0 a.m., 23 views

httpd:2.4 security update

httpd 2.4.37-65.0.1.7 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.7 - Resolves: RHEL-135054 - httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable...

8.3 CVSS, 7.2 AI score, 0.94395 EPSS
Exploits 30

Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-53347

Name of the Vulnerable Software and Affected Versions: Riello UPS NetMan 208 Application versions prior to 1.12. Description: The software contains a directory traversal flaw in the cgi-bin/certsupload.cgi component. This allows for file upload outside the intended path, potentially leading to code...

9.1 CVSS, 7.4 AI score, 0.00662 EPSS
Exploits 1, References 11