61119 matches found

OSV
added 2026/04/14 12:38 a.m., 2 views

CLEANSTART-2026-KA64649 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

5.8 AI score
Exploits: 0, References: 2
OSV
added 2026/04/14 12:38 a.m., 1 views

CLEANSTART-2026-NH62318 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

5.8 AI score
Exploits: 0, References: 2
CNNVD
added 2026/04/14 12:0 a.m., 4 views

Apache PDFBox Security Vulnerability

Apache PDFBox is an open-source tool library based on the Java language, developed by the Apache Foundation. This product provides functions for creating and editing PDF documents. Versions of Apache PDFBox from 2.0.24 to 2.0.36, as well as 3.0.0 to 3.0.7, have security vulnerabilities due to...

4.3 CVSS, 5.8 AI score, 0.00711 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32601

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1 CVSS, 5.8 AI score, 0.00521 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2026/04/14 12:0 a.m., 0 views

PT-2026-32603

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.3 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 5
Spring Security Advisories
added 2026/04/14 12:0 a.m., 5 views

This Week in Spring - April 14th, 2026

Hi, Spring fans! ¡Hola from Barcelona, Spain! I'm at the amazing Spring I/O event, hanging out with some of the amazing Spring ecosystem developers! Life is amazing here in the warm sun of springtime. There's a lot to look at this week, so let's dive right into it! Another nice tutorial on how to...

5.8 AI score
Exploits: 0
CNNVD
added 2026/04/14 12:0 a.m., 2 views

Apache Apisix Security Vulnerability

Apache Apisix is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...

9.1 CVSS, 5.8 AI score, 0.00521 EPSS
Exploits: 1, References: 3
CNNVD
added 2026/04/14 12:0 a.m., 3 views

Apache Apisix Security Vulnerability

Apache APISIX is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...

7.5 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/14 12:0 a.m., 3 views

Apache Apisix Security Vulnerability

Apache Apisix is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...

5.3 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2026/04/13 9:59 p.m., 6 views

Important: Red Hat Security Advisory: HawtIO 4.3.1 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.3.1 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

7.5 CVSS, 5.8 AI score, 0.00789 EPSS
Exploits: 2, References: 1
RedhatCVE
added 2026/04/13 7:23 p.m., 2 views

CVE-2026-33704

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

8.8 CVSS, 6 AI score, 0.0042 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/13 5:23 p.m., 2 views

CVE-2026-40023

A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification (a standard for encoding documents) into log messages, Network Device Configuration (NDC), and Mapped Diagnostic Context (MDC) property keys and...

6.3 CVSS, 5.7 AI score, 0.00499 EPSS
Exploits: 0, References: 8
RedhatCVE
added 2026/04/13 5:23 p.m., 3 views

CVE-2026-40021

A flaw was found in Apache Log4net. An attacker who can influence specific data fields within log messages can exploit this vulnerability. By injecting characters forbidden by the XML 1.0 specification, the attacker can cause an exception during log serialization, leading to the silent loss of lo...

6.3 CVSS, 5.7 AI score, 0.0075 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/04/13 5:20 p.m., 3 views

CVE-2026-34479

A flaw was found in the Apache Log4j 1-to-Log4j 2 bridge. The Log4j1XmlLayout component fails to properly escape characters forbidden by the XML 1.0 standard. This improper handling of characters results in malformed XML output, which can cause downstream log processing systems to drop or fail to...

7.5 CVSS, 5.7 AI score, 0.00535 EPSS
Exploits: 1, References: 8
Snyk
added 2026/04/13 4:12 p.m., 1 views

Insertion of Sensitive Information into Log File

Overview: apache-airflow-task-sdk: The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File which had masksecret applied. The DAG run logs UI exposes...

7.5 CVSS, 5.9 AI score, 0.00439 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2026/04/13 4:12 p.m., 3 views

apache-airflow (>=3.2.0b1 <=3.2.0b2) potentially affected by CVE-2026-33858 via apache-airflow-task-sdk (>=1.2.0b1 <=1.2.0b2)

apache-airflow-task-sdk PYPI version =1.2.0b1, =3.2.0b1, =3.2.0b2 Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-16032066...

8.8 CVSS, 5.4 AI score, 0.0056 EPSS
Exploits: 0
vulnersOsv
added 2026/04/13 4:12 p.m., 3 views

airflow-clickhouse-plug (=1.6.2), airflow-clickhouse-plugin (=1.6.0) +18 more potentially affected by CVE-2026-33858 via apache-airflow-core (>=3.1.8 <=3.2.0b2)

apache-airflow-core PYPI version =3.1.8, =0.6.0, =3.1.8, =1.0.2, =0.0.13, =10.13.0, =1.1.8, =0.0.4, =0.1.0, =12.9.0, =7.1.0, =1.15.20, =1.2.4, =1.9.17, =1.10.13 and more Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16032065...

8.8 CVSS, 5.4 AI score, 0.0056 EPSS
Exploits: 0
RedhatCVE
added 2026/04/13 4:9 p.m., 4 views

CVE-2026-34480

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5 CVSS, 5.7 AI score, 0.0086 EPSS
Exploits: 0, References: 8
OSV
added 2026/04/13 4:1 p.m., 2 views

BIT-TOMCAT-2026-29146 Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.0.0 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended t...

7.5 CVSS, 5.8 AI score, 0.03645 EPSS
Exploits: 1, References: 3
vulnersOsv
added 2026/04/13 3:31 p.m., 4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2025-66236 via apache-airflow (>=3.0.0 <=3.1.8)

apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2025-66236 Source advisory: OSV:GHSA-J86X-FWP2-QH7V...

7.5 CVSS, 5.4 AI score, 0.00439 EPSS
Exploits: 0