CVE-2026-30911 Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

PT-2026-25891

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag id set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users a...

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

PT-2026-25893

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

EulerOS Virtualization 2.12.1 : httpd (EulerOS-SA-2026-1430)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

EulerOS Virtualization 2.12.0 : mod_http2 (EulerOS-SA-2026-1501)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2026-1487)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1609)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-54920

Apache Spark contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson deserialization of event log data. This allows an attacker with access to the Spark event logs directory to inject malicious JSON payloads that trigger deserialization of arbitrary...

org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)

org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2025-54920...

Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.49 Path Traversal Lab — CVE-2021-41773 Clone...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Text4Shell Report Apache Commons Text CVE-2...

PT-2026-25811

🚨 FRESH TOP THREAT ALERT 🚨 Critical RCE in Apache Tomcat March 16, 2026: CVE-2026-89102 – CVSS 9.8! Unauthenticated attackers can send one crafted request to trigger a deserialization flaw and execute arbitrary code on the server. Hits thousands of Java web apps worldwide. Remediation: Upgrade...

Apache IoTDB Improper Input Validation Vulnerability

Apache IoTDB is an open source time series database developed by Apache Software Foundation for large-scale time series data storage and analysis in IoT scenarios. Apache IoTDB suffers from an improper input validation vulnerability. The vulnerability arises because the system does not perform...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2026-1609)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exe...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2026-1338)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in...

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2026-1536)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1430)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1536)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...