EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2026-2170)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory. Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverri...

Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...

OPENSUSE-SU-2026:20810-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

SUSE-SU-2026:21846-1 Security update for apache2

This update for apache2 fixes the following issues: Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server...

Malicious code in lhisp-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...

MAL-2026-4675 Malicious code in supership-scan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033 The package advertises itself as a local-only static analyzer README: "Runs locally. Your code never leaves the machine" and "What's never transmitte...

EUVD-2026-29064

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CVE-2026-44777

CVE-2026-44777 affects the jq command-line JSON processor. In versions 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other, leading to a stack overflow during mutual module loading. The connected documents confirm t...

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

CLSA-2026-1777389615 Fix CVE(s): CVE-2024-45802

SECURITY UPDATE: multiple vulnerabilities in Edge Side Includes ESI processing - debian/rules: build with --disable-esi to remove the vulnerable ESI response processor matches the upstream Squid 6.10 default, where ESI support is disabled by default. - debian/control: drop libexpat1-dev and...

K000160829: Apache HTTP Server Vulnerabilities CVE-2025-55753, CVE-2025-58098, CVE-2025-59775

Security Advisory Description CVE-2025-55753 An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeed...

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

EUVD-2026-12872

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

CVE-2026-30701

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

PT-2026-26107

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

CVE-2026-30701

The CVE-2026-30701 affects the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The vulnerability arises from hardcoded credential disclosure mechanisms using Server Side Include across server-side pages such as login.shtml and settings.shtml, which dynamically retrieve and expose the web ...

CVE-2026-30701

The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1581)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...