Apache CXF 安全漏洞

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There are security vulnerabilities in Apache CXF; these vulnerabilities arise from incomplete...

PT-2026-2156

CVE-2026-22161 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-22161 Published : Jan. 7, 2026, 12:17 p.m. | 3 hours, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

EUVD-2023-1686

Malicious code in bioql PyPI...

EUVD-2023-2147

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-27807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions...

PT-2025-32668

Name of the Vulnerable Software and Affected Versions: Apache bRPC versions prior to 1.14.1 Description: A flaw in the Redis parser within Apache bRPC allows unauthenticated remote attackers to crash services by triggering unlimited memory allocation. This issue affects the service via network...

ALSA-2025:11332 Important: tomcat9 security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

PT-2025-24054 · Apache · Apache

Name of the Vulnerable Software and Affected Versions: Apache versions prior to the fixed version Description: A missing protection against path traversal allows access to any file on the server. This issue affects the Apache software, allowing unauthorized access to files. Recommendations: For...

CVE-2023-24829

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....

CVE-2023-28710

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1...

CVE-2023-28326

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room...

CVE-2023-28936

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

CVE-2023-28707

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...

CVE-2024-54676

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted...

CVE-2024-54676

CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...

[SECURITY] Fedora 41 Update: tomcat-9.0.98-1.fc41

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 40 Update: tomcat-9.0.98-1.fc40

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

Important: Red Hat Security Advisory: pki-servlet-engine security update

An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2024-45217

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

Apache mod_isapi Dangling Pointer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modisapi Dangling Pointer', 'Description' = %q This module triggers a use-after-free vulnerability in the Apache Software Foundation...