61078 matches found

OSV
added 2026/04/29 8:50 a.m. | 2 views

BIT-THRIFT-2026-41605 Apache Thrift: Swift Compact Protocol integer overflow

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 7.3 | AI score 5.3 | EPSS 0.00543
Exploits: 0 | References: 3

OSV
added 2026/04/29 8:50 a.m. | 2 views

BIT-THRIFT-2026-41604 Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 8.2 | AI score 5.3 | EPSS 0.0058
Exploits: 0 | References: 3

OSV
added 2026/04/29 8:50 a.m. | 0 views

BIT-THRIFT-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 7.4 | AI score 5.3 | EPSS 0.00252
Exploits: 0 | References: 3

OSV
added 2026/04/29 8:50 a.m. | 3 views

BIT-THRIFT-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash a c_glib-based Thrift server...

CVSS 7.5 | AI score 5.4 | EPSS 0.0066
Exploits: 0 | References: 3

NCSC
added 2026/04/29 8:12 a.m. | 5 views

Vulnerabilities handled in Apache Camel

The Apache Software Foundation has identified vulnerabilities in Apache Camel. These vulnerabilities exist in various components of Apache Camel. The issues include insecure deserialization, insufficient filtering of email headers, incorrect authentication path matching, and improper processing o...

CVSS 10 | AI score 6.1 | EPSS 0.05133
Exploits: 1 | References: 9

OSV
added 2026/04/29 12:38 a.m. | 3 views

CLEANSTART-2026-TB28500 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CVSS 9.8 | AI score 7 | EPSS 0.01109
Exploits: 1 | References: 12

OSV
added 2026/04/29 12:37 a.m. | 6 views

CLEANSTART-2026-ST55360 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6

Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.8
Exploits: 0 | References: 3

OSV
added 2026/04/29 12:37 a.m. | 3 views

CLEANSTART-2026-SP87460 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.8
Exploits: 0 | References: 2

OSV
added 2026/04/29 12:37 a.m. | 1 view

CLEANSTART-2026-BU99819 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

AI score 5.3
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/29 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version...

CVSS 7.3 | AI score 5.8 | EPSS 0.00543
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/29 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to...

CVSS 8.7 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/29 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-41604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which...

CVSS 8.2 | AI score 5.8 | EPSS 0.0058
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/29 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...

CVSS 7.3 | AI score 5.8 | EPSS 0.00562
Exploits: 0 | References: 2

Veracode
added 2026/04/28 5:26 p.m. | 7 views

Improper Authentication

Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...

CVSS 7.3 | AI score 5.3 | EPSS 0.00562
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/04/28 12:31 p.m. | 6 views

NPM: Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion

NPM: Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion vulnerability discovered by ? in WordPress Npm thrift versions 0.23.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/04/28 12:31 p.m. | 6 views

Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 8.7 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/28 12:31 p.m. | 1 view

GHSA-R67J-R569-JRWP Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 8.7 | AI score 5.8 | EPSS 0.00469
Exploits: 0 | References: 4

OSV
added 2026/04/28 12:31 p.m. | 1 view

GHSA-WF45-Q9CH-Q8GH Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00635
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/28 11:29 a.m. | 2 views

CVE-2026-41043

A flaw was found in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can exploit a Cross-Site Scripting (XSS) vulnerability by injecting malicious HTML into a Java Message Service (JMS) selector field and overriding the content type to HTML. This allows the attacker to display...

CVSS 6.5 | AI score 5.7 | EPSS 0.00427
Exploits: 0 | References: 5

vulnersOsv
added 2026/04/28 11:19 a.m. | 3 views

ai.chronon:aggregator_2.11 (>=0.0.1 <=thread_contention-0.0.23-dev3), ai.chronon:aggregator_2.12 (>=chaining-0.0.46-dev <=thread_contention-0.0.23-dev3) +3558 more potentially affected by CVE-2026-41603 via org.apache.thrift:libthrift (>=0.10.0 <=0.22.0)

org.apache.thrift:libthrift MAVEN version =0.10.0, =0.0.1, =chaining-0.0.46-dev, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.62, =0.0.1, =0.0.6, =local, =0.0.86, =0.0.86, =0.0.8, =0.0.6, =3.10.0.5, =3.10.3.6 and more Source cves: CVE-2026-41603 Source advisory: SNYK:JAVA-ORGAPACHETHRIFT-16323114...

CVSS 7.4 | AI score 5.4 | EPSS 0.00252
Exploits: 0