CVE-2026-34197

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

CVE-2026-34197

The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...

CLEANSTART-2026-DP59378 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-FE32006 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

CLEANSTART-2026-PY63724 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

PT-2026-30805

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.7 Apache ActiveMQ Broker versions 6.0.0 through 6.2.5 Apache ActiveMQ All versions prior to 5.19.7 Apache ActiveMQ All versions 6.0.0 through 6.2.5 Apache ActiveMQ versions prior to 5.19.7 Apache...

PT-2026-30940

ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The...

Apache Cassandra 安全漏洞

Apache Cassandra is a distributed NOSQL database developed by the Apache Foundation in the United States. Version 5.0 of Apache Cassandra contains a security vulnerability. This vulnerability stems from improper permission allocation when using MutualTlsAuthenticator in an mTLS environment, which...

ChurchCRM 代码问题漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 had code vulnerabilities. These vulnerabilities stemmed from path traversal vulnerabilities in the backup restoration function, which could allow authenticated administrators to upload arbitrary...

PT-2026-30916

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

Photon OS 5.0: Apache PHSA-2026-5.0-0798

An update of the apache package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0798. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-33227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache Active...

Linux Distros Unpatched Vulnerability : CVE-2026-34197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS), server-side request forgery (SSRF) protections, leak or corrupt request data, and security by-pass due to the use of Eclipse Jetty

Summary Eclipse Jetty in Apache Solr, and Apache ZooKeeper is used by IBM Operations Analytics - Log Analysis as Solr's HTTP endpoints and admin UI, and on Zookeeper as AdminServer HTTP interface. CVE-2024-8184, CVE-2024-6763, CVE-2024-13009, CVE-2025-11143 Vulnerability Details CVEID:CVE-2024-81...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI

Summary Apache POI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of extracting text and metadata from document files. CVE‑2022‑26336, CVE‑2025‑31672 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue...

CLEANSTART-2026-KF75900 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-JL41223 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

CLEANSTART-2026-OB18608 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6

Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-JG79570 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

CLEANSTART-2026-DZ75075 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...