61119 matches found
CVE-2021-27577
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...
CVE-2021-27850
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...
GHSA-W9FJ-CFPG-GRVV vulnerabilities
Vulnerabilities for packages: hono, seata, spark-fips, keycloak, pinot, akhq, knative-kafka-broker-fips, flyway-fips, kayenta, thingsboard, camunda-zeebe, opensearch, opensearch-fips, spark, elasticsearch-fips, infinispan, kafka-bridge-fips, kafbat-ui-fips, kserve-modelmesh, strimzi-kafka-operato...
CVE-2026-33871 vulnerabilities
Vulnerabilities for packages: hono, seata, spark-fips, keycloak, pinot, akhq, knative-kafka-broker-fips, flyway-fips, kayenta, thingsboard, camunda-zeebe, opensearch, opensearch-fips, spark, elasticsearch-fips, infinispan, kafka-bridge-fips, kafbat-ui-fips, kserve-modelmesh, strimzi-kafka-operato...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2026.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...
Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow (traditional and containers) March 2026
Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).
Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Apache Commons IO library that could lead to denial-of-service when processing specially crafted input (CVE-2025-48924).
Summary IBM Storage Protect Server uses the Apache Commons IO library in certain components; Apache Commons IO is vulnerable to improper resource handling that may lead to denial-of-service conditions when processing specially crafted input. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION:...
Important: tomcat10
Issue Overview: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...
CVE-2025-66249
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...
CVE-2026-28779
Apache Airflow versions 3.1.0 through 3.1.7: the session token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7: the FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to the "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2026-33071
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
No d...
Security Bulletin: IBM Operational Decision Manager for March 2026 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-41254...
CVE-2026-22732 vulnerabilities
Vulnerabilities for packages: kafbat-ui-fips, nacos-docker, apache-nifi, apache-nifi-registry, kafbat-ui, thingsboard, camunda, camunda-zeebe, jenkins, nacos...
GHSA-MF92-479X-3373 vulnerabilities
Vulnerabilities for packages: kafbat-ui-fips, nacos-docker, apache-nifi, apache-nifi-registry, kafbat-ui, thingsboard, camunda, camunda-zeebe, jenkins, nacos...
SUSE SLES15 / openSUSE 15 : Security update 5.0.7 for Multi-Linux Manager Client Tools (SUSE-SU-2026:1013-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1013-1 advisory. dracut-saltboot: - Version update to 1.1.0: Retry DHCP requests up to 3 times bsc1253004...
GHSA-MF92-479X-3373 vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins, apache-nifi-registry, thingsboard...
CVE-2026-22732 vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins, apache-nifi-registry, thingsboard...