DEBIAN-CVE-2026-39304

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

CVE-2026-34500

A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail during CLIENTCERT authentication, even when soft-fail is disabled, under certain FFM-related execution paths. This can result in client certificates being accepted despite failed or unverifiable...

CVE-2026-29129

A flaw was found in Apache Tomcat. This vulnerability occurs when the configured cipher preference order is not preserved. This could allow an attacker to bypass intended security configurations, potentially leading to a weakened security posture or information disclosure. Mitigation Configure...

CVE-2026-32990

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application. Mitigation Mitigation for thi...

CVE-2026-24880

A flaw was found in Apache Tomcat. A remote attacker could exploit an inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, by sending a specially crafted request with an invalid chunk extension. This vulnerability allows an attacker to manipulate the way HTTP...

GHSA-2M67-WJPJ-XHG9 vulnerabilities

Vulnerabilities for packages: keycloak-config-cli, logstash-fips, flyway-fips, apache-nifi, apache-nifi-registry, flyway, trino, apicurio-registry, camunda, camunda-zeebe, jenkins...

CLEANSTART-2026-IN87004 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-AG20129 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

Linux Distros Unpatched Vulnerability : CVE-2026-34486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue...

Apache Log4cxx 安全漏洞

Apache Log4cxx is a C++ logging framework developed by the Apache Foundation, based on the Apache log4j framework. Versions of Apache Log4cxx prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from XMLLayout not clearing characters prohibited by the XML 1.0...

PT-2026-32019

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 Description Chamilo LMS is a learning management system. Authenticated users, including students, can write arbitrary content to files on the server through the BigUpload endpoint. The key parameter contro...

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j JSON Template Layout 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities arise from the JsonTemplateLayout generating invalid JSON...

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j 2.21.0 to 2.25.3 contain security vulnerabilities. These vulnerabilities stem from CRLF sequence log injection in the RFC5424Layout, which may lead to CRLF...

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j Core 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities stem from the silent ignoring of the verifyHostName configuration property,...

Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. There is a security vulnerability in Apache Log4j, which stems from Log4j1XmlLayout failing to escape characters prohibited by the XML 1.0 standard, potentially resulting in...

Linux Distros Unpatched Vulnerability : CVE-2026-34500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache...

Linux Distros Unpatched Vulnerability : CVE-2026-29129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51...

Linux Distros Unpatched Vulnerability : CVE-2026-25854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat:...

Linux Distros Unpatched Vulnerability : CVE-2026-24880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects...

GHSA-RV64-5GF8-9QQ8 Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...