CVE-2026-41602
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
EUVD-2025-209581
Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash a cglib-based Thrift server...
BIT-AIRFLOW-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...
BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...
CLEANSTART-2026-DJ93523 In libexpat before 2
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...
CLEANSTART-2026-JP09281 In libexpat before 2
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...
CLEANSTART-2026-MS93111 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0
Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-KL42544 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6
Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details...
Apache Thrift Security Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by improper validation of certificates when they did not match the hostnames...
Apache Pony Mail Environment Issue Vulnerability
Apache Pony Mail is a plugin from the Apache Foundation in the United States that includes features for email archiving, viewing, and interaction. Apache Pony Mail has an environmental issue vulnerability, which stems from inconsistent interpretation of HTTP requests, potentially allowing...
Apache Thrift Buffer Error Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a buffer error vulnerability, which was caused by out-of-bounds read operations...
Apache Thrift Input Validation Error Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained an input validation error vulnerability, which was caused by integer overflow or wraparound...
Apache Thrift Buffer Error Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a buffer error vulnerability, which was caused by an out-of-bounds read issue...
PT-2026-35703
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: An out-of-bounds read issue exists in Apache Thrift, which occurs when the software reads data past the end of the intended buffer. Recommendations: Upgrade to version 0.23.0...
PT-2026-35685
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
Apache Thrift Security Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability caused by uncontrolled recursion...
Apache Thrift Security Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability caused by uncontrolled recursion...
PT-2026-35704
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: Uncontrolled Recursion occurs in the Node.js bindings of Apache Thrift. Uncontrolled recursion is a condition where a function calls itself without a proper termination condition, potentially...
Apache Thrift Input Validation Error Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained an input validation error vulnerability. This vulnerability stemmed from integer overflow or wraparound issues in the...