PT-2026-35702
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: Uncontrolled recursion occurs in Apache Thrift, which can lead to system instability or crashes when the software processes deeply nested data structures. Recommendations: Upgrade to version...
PT-2026-35700
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: An out-of-bounds read issue exists in Apache Thrift, which occurs when the software reads data outside the intended boundary of a buffer. Recommendations: Upgrade to version 0.23.0...
Apache Thrift Security Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability. This vulnerability stemmed from mismatches in the memory management routines in the cglib language...
PT-2026-35698
Mismatched Memory Management Routines vulnerability in Apache Thrift c glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash a c glib-based Thrift serve...
PT-2026-35699
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: An integer overflow or wraparound issue exists in the Go language implementation of the TFramedTransport component in Apache Thrift. An integer overflow occurs when an arithmetic operation...
Linux Distros Unpatched Vulnerability : CVE-2026-41635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing...
Linux Distros Unpatched Vulnerability : CVE-2026-41409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied t...
PT-2026-35703
Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: An out-of-bounds read issue exists in Apache Thrift, which occurs when the software reads data past the end of the intended buffer. Recommendations: Upgrade to version 0.23.0...
CVE-2026-40490 vulnerabilities
Vulnerabilities for packages: druid, apache-pulsar, tez...
GHSA-P93R-85WP-75V3 vulnerabilities
Vulnerabilities for packages: kserve-modelmesh, ruby3.3-bouncy-castle-java, jenkins, keycloak, zipkin, ruby3.4-bouncy-castle-java, ruby3.2-bouncy-castle-java, spark, wildfly, thingsboard, jruby, apache-pulsar, apache-nifi, druid, gradle, ruby4.0-bouncy-castle-java...
GHSA-CMXV-58FP-FM3G vulnerabilities
Vulnerabilities for packages: druid, apache-pulsar, tez...
CVE-2026-5598 vulnerabilities
Vulnerabilities for packages: kserve-modelmesh, ruby3.3-bouncy-castle-java, jenkins, keycloak, zipkin, ruby3.4-bouncy-castle-java, ruby3.2-bouncy-castle-java, spark, wildfly, thingsboard, jruby, apache-pulsar, apache-nifi, druid, gradle, ruby4.0-bouncy-castle-java...
CVE-2026-40490 vulnerabilities
Vulnerabilities for packages: apache-pulsar-fips, pinot, druid, tez, pinot-fips, apache-pulsar...
GHSA-CMXV-58FP-FM3G vulnerabilities
Vulnerabilities for packages: apache-pulsar-fips, pinot, druid, tez, pinot-fips, apache-pulsar...
Exploit for CVE-2026-33453
Apache Camel 4.18.0 — CVE Security Assessment Three critical...
com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)
org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: OSV:GHSA-J2Q8-XX3Q-8FQH...
GHSA-J2Q8-XX3Q-8FQH Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm. Versions Affected: up to 2.8.7. Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication (the default configuration), the...
GHSA-82FM-WPC2-5PMP Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
CVE-2026-41635
A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...