CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

Vulnerability fixed in Apache ActiveMQ

Apache Foundation has fixed a vulnerability in ActiveMQ. A authenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Apache Foundation has released updates to fix the vulnerability fix in ActiveMQ 5.16.6, 5.17.4, 5.18.0 & 6.0.0. For more...