61051 matches found
CVE-2026-33109
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
...
CLSA-2026-1778178379 httpd: Fix of 2 CVEs
CVE-2017-15710: modauthnzldap out-of-bounds write when accept-language header value is shorter than two characters - CVE-2017-15715: regex anchor in / can match before an embedded newline, allowing .htaccess bypass of trailing-extension filters...
CVE-2026-40010
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
CVE-2026-42509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...
Security Bulletin: IBM Content Navigator is affected by Log4J 1.2.14
Summary IBM Content Navigator is affected by multiple vulnerabilities in Apache Log4j 1.x, a logging library that reached end of life in August 2015. These include multiple Deserialization of Untrusted Data flaws in components such as SocketServer, JMSAppender, JMSSink, and Chainsaw, the most...
Denial Of Service
Apache Neethi is vulnerable to Denial of Service DoS. The vulnerability is due to algorithmic complexity in the policy normalization process, where specially crafted WS-Policy documents trigger exponential Cartesian cross-product expansion, leading to excessive memory allocation and JVM heap...
BIT-THRIFT-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
BIT-THRIFT-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
Server-Side Request Forgery (SSRF)
Apache Neethi is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...
BIT-APACHE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response
Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...
BIT-APACHE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()
Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...
Denial Of Service
Apache Neethi is vulnerable to Denial of Service.The vulnerability is due to improper handling of circular references during policy normalization, where recursive policy references are not detected, leading to infinite loops or excessive recursion that can cause stack overflow or application hang...
Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
...
Apache HTTP Server: mod_md unrestricted OCSP response
...
Apache HTTP Server: mod_dav_lock indirect lock crash
...
Apache HTTP Server: mod_authn_socache crash
...
Apache HTTP Server: mod_auth_digest timing attack
...
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
...