727 matches found
httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...
httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...
CVE-2026-27343
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-005339)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005339 advisory. Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=...
Security update for libxml2 (moderate)
openSUSE security update: security update for libxml2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20178-1 Rating: moderate References: bsc1256805 Cross-References: CVE-2026-0989 CVSS scores: CVE-2026-0989 SUSE : 3.3...
OS Command Injection
Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes SSI with exec cmd="..." are used alongside modcgid, which allows an attacker to inject and execute arbitrary system commands by crafting...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1397)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1397 advisory. A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives...
CVE-2025-61646
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-61635
Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit:...
CVE-2025-61646
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
EUVD-2025-206644
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
MediaWiki 安全漏洞
MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. There are security vulnerabilities in versions of MediaWiki prior to 1.39.14,...
CVE-2025-70758
CVE-2025-70758 affects the chetans9 core-php-admin-panel. The vulnerability is in includes/auth_validate.php, where after issuing an HTTP redirect with header(Location: login.php) the code does not call exit(), allowing remote unauthenticated attackers to bypass authentication and access protecte...
EUVD-2025-206699
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/authvalidate.php. The application sends an HTTP redirect via headerLocation:login.php when a user is not authenticated but fails to call exit afterward. This allows remote...
Wikimedia ConfirmEdit 安全漏洞
Wikimedia ConfirmEdit is a verification plugin developed by the Wikimedia Foundation. There is a security vulnerability in Wikimedia ConfirmEdit, which stems from a problem with the program file includes/FancyCaptcha/ApiFancyCaptchaReload.Php...
CVE-2025-61639 Suppressed blocked IP is visible in Special:BlockList, RC, and other places
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...
CVE-2025-61635
CVE-2025-61635 affects Wikimedia/MediaWiki ConfirmEdit’s ApiFancyCaptchaReload.Php. The related CVE description (via CVE list and Debian advisory) indicates the issue was addressed by adding rate limiting to ApiFancyCaptchaReload, with fixes shipped in MediaWiki updates (e.g., oldstable bookworm:...
CVE-2025-6593
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6597
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...
USN-7974-1 libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled maliciously crafted SGML catalog files. An attacker could possibly use this issue to cause libxml2 to consume excessive resources, leading to a denial of service. CVE-2025-8732 It was discovered that libxml2 incorrectly handled recursive include...