Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

PT-2026-32444

CLIENT CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to versio...

Exploit for SQL Injection in Apache Superset

CVE-2026-23980 - Apache Superset Authenticated SQL Injection...

GHSA-3PXV-7CMR-FJR4 vulnerabilities

Vulnerabilities for packages: spark-fips, solr, pinot, akhq, wavefront-proxy, camunda-zeebe, opensearch, opensearch-fips, wso2is, nuxeo, spark, elasticsearch-fips, kafka-fips, infinispan, kafka-bridge-fips, spark-kubernetes-operator, kserve-modelmesh, strimzi-kafka-operator, apache-tika, airflow,...

CVE-2026-34480 vulnerabilities

Vulnerabilities for packages: spark-fips, solr, pinot, akhq, wavefront-proxy, camunda-zeebe, opensearch, opensearch-fips, wso2is, nuxeo, spark, elasticsearch-fips, kafka-fips, infinispan, kafka-bridge-fips, spark-kubernetes-operator, kserve-modelmesh, strimzi-kafka-operator, apache-tika, airflow,...

CLEANSTART-2026-PH91954 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-MZ25894 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

CLEANSTART-2026-NE70100 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6

Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-HU81793 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

Linux Distros Unpatched Vulnerability : CVE-2026-34481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces inval...

Linux Distros Unpatched Vulnerability : CVE-2026-34479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Attacker Lab: CVE-2017-5638 & CVE-2021-41773 A 7-host Docker-...

Improper Output Handling

Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values e.g., NaN, Infinity, which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...

Denial Of Service (DoS)

Apache Cassandra is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient handling of repeated password change operations, which allows an attacker to trigger increased query latency and degrade system performance...

CLEANSTART-2026-LB69194 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-QM31011 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-SP05210 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

CLEANSTART-2026-EI21238 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

SUSE CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

SUSE CVE-2026-29129

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...