openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory. Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverri...

Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...

OPENSUSE-SU-2026:20810-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

SUSE-SU-2026:21846-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

Malicious code in lhisp-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...

MAL-2026-4675 Malicious code in supership-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033 The package advertises itself as a local-only static analyzer README: "Runs locally. Your code never leaves the machine" and "What's never transmitte...

Astra Linux - уязвимость в squid

Squid is a caching proxy for the web that supports HTTP, HTTPS, FTP, and other protocols. Due to an out-of-bounds write vulnerability when assigning ESI variables, Squid is susceptible to a memory corruption error. This error can lead to a denial-of-service attack...

EUVD-2026-29064

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-44777

CVE-2026-44777 affects the jq command-line JSON processor. In versions 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other, leading to a stack overflow during mutual module loading. The connected documents confirm t...

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

Astra Linux - уязвимость в apache2

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

K000160829: Apache HTTP Server Vulnerabilities CVE-2025-55753, CVE-2025-58098, CVE-2025-59775

Security Advisory Description CVE-2025-55753 An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeed...

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

EUVD-2026-12872

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

CVE-2026-30701

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

CVE-2026-30701

The CVE covers the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The vulnerability arises from hardcoded credential disclosure mechanisms implemented via Server Side Includes on multiple pages (e.g., login.shtml, settings.shtml) that dynamically retrieve and expose the web administratio...

CVE-2026-30701

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

PT-2026-26107

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2026-1487)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...