About the security content of macOS Tahoe 26.4

About the security content of macOS Tahoe 26.4 This document describes the security content of macOS Tahoe 26.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

Exploit for Path Traversal in Apache Http_Server

PoC эмуляция для CVE CVE CVE-2021-41773 Краткое оп...

PT-2026-31697

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. Description An open redirect issue exists in Apache Tomcat due to a flaw in the LoadBalancerDrainingValve. This...

PT-2026-31696

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 Description An inconsistent interpretation of HTTP requests 'HTTP Request/Response Smugglin...

Exploit for Path Traversal in Apache Http_Server

https://n...

PT-2026-26884

Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.52.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An authorization issue exists in Apache Artemis and Apache ActiveMQ Artemis. Specifically, when an application utilizing the OpenWi...

Exploit for Missing Authorization in Scshr Hr_Portal

CVE-2025-48734: Apache Commons BeanUtils – enum declaredClass...

CVE-2026-33071 FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

Security Bulletin: StackOverflowError Denial-of-Service Vulnerability in Apache Commons Lang ClassUtils.getClass() Due to Uncontrolled Recursion affects watsonx.data

Summary Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very lo...

CVE-2026-32874 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

GHSA-C8RR-9GXC-JPRV vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

GHSA-WGVC-GHV9-3PMM vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

CVE-2026-32875 vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

PT-2026-36798

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.67 Description A buffer over-read issue exists in the mod proxy ajp module, specifically within the ajp parse data function. This flaw can lead to a heap over-read and memory disclosure, potentially...

KLA90974 Multiple vulnerabilities in Apache Tomcat

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Configured cipher preference order not preserved...

Exploit for OS Command Injection in Apache Tomcat

ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...

Apache Livy Input Validation Error Vulnerability

Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...