PT-2026-37431
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
PT-2026-37375
Name of the Vulnerable Software and Affected Versions: Apache Wicket versions 8.0.0 through 8.17.0; Apache Wicket version 9.0.0; Apache Wicket versions 10.0.0 through 10.8.0. Description: A session fixation attack is possible due to the missing invocation of the Servlet http web request method...
PT-2026-37663
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion...
PT-2026-37383
Name of the Vulnerable Software and Affected Versions: Apache Wicket versions 8.0.0 through 8.17.0; Apache Wicket version 9.0.0; Apache Wicket versions 10.0.0 through 10.8.0. Description: Improper neutralization of input during web page generation allows for Cross-site Scripting (XSS), a flaw where an...
ROS-20260506-73-0019
A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0018
A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0020
A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0016
A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0015
A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0017
A vulnerability in Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2026-29168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server:...
Linux Distros Unpatched Vulnerability : CVE-2026-5081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in versio...
ROS-20260506-73-0011
A vulnerability in the OCSP component of Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0012
A vulnerability in the OCSP component of Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260506-73-0013
A vulnerability in the OCSP component of Apache Tomcat application server is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
DEBIAN-CVE-2026-28780
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server, this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker-controlled bytes after the end of a heap-based buffer. This issue...
CVE-2026-28780
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server, this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker-controlled bytes after the end of a heap-based buffer. This issue...
ALPINE-CVE-2026-28780
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server, this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker-controlled bytes after the end of a heap-based buffer. This issue...