9771 matches found
EUVD-2025-201403
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200
CVE-2025-66200 affects Apache HTTP Server 2.4.7–2.4.65. A mod_userdir+suexec bypass via AllowOverride FileInfo lets users with htaccess access to the RequestHeader directive cause some CGI scripts to execute under an unexpected userid. Connected advisories confirm the fix is in 2.4.66 (e.g., Debi...
CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
CVE-2025-65082
CVE-2025-65082 affects Apache HTTP Server 2.4.0–2.4.65, due to improper neutralization of Escape, Meta, or Control sequences in environment variables set via Apache config, which can supersede server-calculated CGI variables. The issue, identified across multiple advisories (Debian DLA-4452-1, AL...
[SECURITY] Fedora 41 Update: fcgi-2.4.7-1.fc41
FastCGI is a language independent, scalable, open extension to CGI that provides high performance without the limitations of server specific APIs...
CVE-2025-29845
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files...
CVE-2025-29844
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...
CVE-2025-29843
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...
EUVD-2025-201176
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files...
CVE-2024-45539
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...
CVE-2024-45539
CVE-2024-45539 is an out-of-bounds write vulnerability in the CGI components of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). The flaw affects DSM versions before 7.2.1-69057-2, DSM 7.2.2-72806, and DSMUC before 3.1.4-23079. Remote attackers can cause denial of servi...
EUVD-2024-55301
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors...
PT-2025-49121
Name of the Vulnerable Software and Affected Versions: ALLNET ALL-RUT22GW version 3.3.8. Description: The ALLNET ALL-RUT22GW software contains an OS command injection issue. This occurs through the command parameter within the "popen.cgi" endpoint, allowing for potential unauthorized system access...
Linux Distros Unpatched Vulnerability : CVE-2025-65082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration...