1265 matches found
CVE-2026-49434
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...
CVE-2026-50750 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...
DEBIAN-CVE-2026-55276
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
DEBIAN-CVE-2026-55956
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent DoS
Adminer = 5.4.1 contains a denial of service caused by lack of origin validation in version check endpoint, letting attackers trigger server errors via crafted POST requests, exploit requires no special privileges. id: CVE-2026-25892 info: name: Adminer 4.6.2 - 5.4.1 Unauthenticated Persistent Do...
Fedora 43 : dotnet9.0 (2026-2954cd11bd)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2954cd11bd advisory. Update to .NET SDK 9.0.118 and Runtime 9.0.17 Fixes: CVE-2026-45490,CVE-2026-45491,CVE-2026-45591 Release Notes: - SDK:...
EUVD-2026-39627
The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
Wrap-around Error
Overview Affected versions of this package are vulnerable to Wrap-around Error in ReentrantReadWriteLock that causes incorrect write locks. An attacker can cause a thread to incorrectly obtain a write lock without exclusivity by repeatedly acquiring the read lock 32,768 times, which overflows the...
Symlink Attack
Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Symlink Attack in the extractall method. An attacker can overwrite arbitrary files on the host system by crafting malicious archives containing symbolic link chains that escape the intended extractio...
CVE-2026-47339
Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...
CVE-2026-39999 Apache APISIX: JWT Algorithm Confusion allows authentication bypass
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
Astra Linux – Vulnerability in Tomcat9
The issue involves a vulnerability in the generation of error messages containing sensitive information in Apache Tomcat. This issue affects Apache Tomcat versions starting from 8.5.7 through 8.5.63, and from 9.0.0-M11 through 9.0.43. Other, end-of-life versions may also be affected. It is...
Astra Linux – Vulnerability in Tomcat9
The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. The following versions were already at the end of their...
Astra Linux – Vulnerability in Tomcat9
A Session Fixation vulnerability exists in Apache Tomcat through the rewrite valve. This issue affects Apache Tomcat: versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. Older, end-of-life versions may also be affected. Users are recommended ...
Astra Linux – Vulnerability in abseil
There exists a heap buffer overflow vulnerability in Abseil-cpp. The constructor methods reserve and rehash, which are used to manage the size of the container’s backing store, do not impose an upper limit on the size of these methods’ arguments. As a result, a caller could pass a very large size...
Unsafe Dependency Resolution
Overview @theia/ai-ide is an AI IDE Agents Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...
Unsafe Dependency Resolution
Overview @theia/ai-editor is a Theia - AI Editor Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introducing...
EUVD-2026-37752
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass...
Allocation of Resources Without Limits or Throttling
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the handling of WebSocket message fragments. An attacker can cause unbounded memory growth and exhaust system...