Lucene search

727 matches found

RedHat Linux
added 2026/02/23 7:20 p.m. | 3 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

CVSS 8.3 | AI score 5.7 | EPSS 0.015
Exploits 0 | References 5

RedHat Linux
added 2026/02/23 7:19 p.m. | 3 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

CVSS 8.3 | AI score 5.7 | EPSS 0.015
Exploits 0 | References 5

RedhatCVE
added 2026/02/21 1:31 a.m. | 11 views

CVE-2026-27343

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion. This issue affects Airtifact: from n/a through = 1.2.91...

CVSS 7.5 | AI score 5.5 | EPSS 0.00423
Exploits 0 | References 1

Tenable Nessus
added 2026/02/11 12:0 a.m. | 8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-005339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005339 advisory. Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmd=...

CVSS 8.3 | AI score 5.6 | EPSS 0.015
Exploits 0 | References 4

OPENSUSE Linux
added 2026/02/06 12:0 a.m. | 4 views

Security update for libxml2 (moderate)

openSUSE security update: security update for libxml2. Announcement ID: openSUSE-SU-2026:20178-1; Rating: moderate; References: bsc1256805; Cross-References: CVE-2026-0989; CVSS scores: CVE-2026-0989 SUSE : 3.3...

CVSS 4.8 | AI score 5.4 | EPSS 0.00419
Exploits 1 | References 1

Veracode
added 2026/02/05 4:59 a.m. | 7 views

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes (SSI) with exec cmd="..." are used alongside mod_cgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

CVSS 8.3 | AI score 5.9 | EPSS 0.015
Exploits 0 | References 4 | Affected Software 2

Tenable Nessus
added 2026/02/05 12:0 a.m. | 3 views

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1397)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1397 advisory. A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives...

CVSS 3.7 | AI score 5.5 | EPSS 0.00419
Exploits 1 | References 4

NVD
added 2026/02/03 1:15 a.m. | 5 views

CVE-2025-61646

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 5.4 | EPSS 0.00234
Exploits 0 | References 1

NVD
added 2026/02/03 12:16 a.m. | 6 views

CVE-2025-61635

Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit:...

EPSS 0.00356
Exploits 0 | References 1

ATTACKERKB
added 2026/02/03 12:11 a.m. | 5 views

CVE-2025-61646

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 5.1 | AI score 5.2 | EPSS 0.00234
Exploits 0 | References 2

EUVD
added 2026/02/03 12:11 a.m. | 5 views

EUVD-2025-206644

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 5.1 | AI score 5.3 | EPSS 0.00234
Exploits 0 | References 1

CNNVD
added 2026/02/03 12:0 a.m. | 7 views

MediaWiki security vulnerability

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. There are security vulnerabilities in versions of MediaWiki prior to 1.39.14,...

CVSS 6.3 | AI score 5.8 | EPSS 0.00272
Exploits 0 | References 1

CVE
added 2026/02/03 12:0 a.m. | 8 views

CVE-2025-70758

CVE-2025-70758 affects the chetans9 core-php-admin-panel. The vulnerability is in includes/auth_validate.php, where after issuing an HTTP redirect with header(Location: login.php) the code does not call exit(), allowing remote unauthenticated attackers to bypass authentication and access protecte...

CVSS 7.5 | AI score 5.5 | EPSS 0.00624
Exploits 0 | References 3

EUVD
added 2026/02/03 12:0 a.m. | 5 views

EUVD-2025-206699

chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location: login.php) when a user is not authenticated but fails to call exit afterward. This allows remote...

AI score 5.5 | EPSS 0.00624
Exploits 0 | References 2

CNNVD
added 2026/02/03 12:0 a.m. | 8 views

Wikimedia ConfirmEdit security vulnerability

Wikimedia ConfirmEdit is a verification plugin developed by the Wikimedia Foundation. There is a security vulnerability in Wikimedia ConfirmEdit, which stems from a problem with the program file includes/FancyCaptcha/ApiFancyCaptchaReload.Php...

AI score 5.8 | EPSS 0.00356
Exploits 0 | References 1

Cvelist
added 2026/02/02 11:48 p.m. | 26 views

CVE-2025-61639 Suppressed blocked IP is visible in Special:BlockList, RC, and other places

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This...

CVSS 6.3 | EPSS 0.0022
Exploits 0 | References 1

CVE
added 2026/02/02 11:26 p.m. | 18 views

CVE-2025-61635

CVE-2025-61635 affects Wikimedia/MediaWiki ConfirmEdit’s ApiFancyCaptchaReload.Php. The related CVE description (via CVE list and Debian advisory) indicates the issue was addressed by adding rate limiting to ApiFancyCaptchaReload, with fixes shipped in MediaWiki updates (e.g., oldstable bookworm:...

AI score 5.1 | EPSS 0.00356
Exploits 0 | References 1

ATTACKERKB
added 2026/02/02 11:1 p.m. | 4 views

CVE-2025-6593

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

CVSS 2.1 | AI score 5.3 | EPSS 0.00396
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/02/02 10:57 p.m. | 4 views

CVE-2025-6597

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

AI score 5.3 | EPSS 0.00454
Exploits 0 | References 2

OSV
added 2026/01/22 1:23 p.m. | 4 views

USN-7974-1 libxml2 vulnerabilities

It was discovered that libxml2 incorrectly handled maliciously crafted SGML catalog files. An attacker could possibly use this issue to cause libxml2 to consume excessive resources, leading to a denial of service. (CVE-2025-8732) It was discovered that libxml2 incorrectly handled recursive include...

CVSS 5.9 | AI score 5.8 | EPSS 0.00755
Exploits 4 | References 5