222110 matches found
CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
MAL-2025-192376 Malicious code in graphnode (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 981903800087e4528bba3ec6bb841e810feaedfa490e7f078fcac9c9d663e4ce This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...
Malicious code in graphnode (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 981903800087e4528bba3ec6bb841e810feaedfa490e7f078fcac9c9d663e4ce This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...
CVE-2025-66561
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
AZL-71528 CVE-2025-66200 affecting package httpd for versions less than 2.4.66-1
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
AZL-71525 CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
ALPINE-CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
UBUNTU-CVE-2025-66200
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
EUVD-2025-201403
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
CVE-2025-66200
CVE-2025-66200 affects Apache HTTP Server 2.4.7–2.4.65. A mod_userdir+suexec bypass via AllowOverride FileInfo lets users with htaccess access to the RequestHeader directive cause some CGI scripts to execute under an unexpected userid. Connected advisories confirm the fix is in 2.4.66 (e.g., Debi...
CVE-2025-13621
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13362
CVE-2025-13362 describes a CSRF vulnerability in the Norby AI WordPress plugin (versions up to and including 1.0.3) caused by missing nonce validation on the settings update function. This could allow unauthenticated attackers to trigger admin actions and inject malicious scripts via forged reque...
PT-2025-49210
The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...
CVE-2025-54306
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...
Adobe Experience Manager (AEM) Custom Scripts Listing Detection
The remote Adobe Experience Manager AEM instance allows for the listing of custom scripts. An unauthenticated, remote attacker can exploit this to enumerate custom scripts, which could lead to information disclosure about the application. No source data...
PT-2025-49043
Name of the Vulnerable Software and Affected Versions Thermo Fisher Torrent Suite Django application version 5.18.1 Description A remote code execution issue exists in the network configuration functionality due to inadequate input validation when handling network configuration parameters via...