Lucene search

61120 matches found

ATTACKERKB
added 2026/03/09 8:57 a.m. | 3 views

CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8 AI score | 0.00584 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/03/09 8:57 a.m. | 3 views

CVE-2026-24015 Apache IoTDB: Insecure Default Configuration Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8 AI score | 0.00584 EPSS
Exploits 0 | References 1

CVE
added 2026/03/09 8:57 a.m. | 12 views

CVE-2026-24015

CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...

9.8 CVSS | 5.8 AI score | 0.00584 EPSS
Exploits 0 | References 2 | Affected Software 1

F5 Networks
added 2026/03/09 12:37 a.m. | 9 views

K000160272: Apache Solr vulnerability CVE-2026-22444

Security Advisory Description: The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

7.1 CVSS | 5.8 AI score | 0.00654 EPSS
Exploits 1

CNVD
added 2026/03/09 12:0 a.m. | 2 views

Apache Superset Security Bypass Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...

6.5 CVSS | 5.9 AI score | 0.00607 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-24048

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8 AI score | 0.00662 EPSS
Exploits 0 | References 2

CNVD
added 2026/03/09 12:0 a.m. | 3 views

Apache Superset SQL Injection Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete arbitrary files on the database...

6.5 CVSS | 5.9 AI score | 0.00503 EPSS
Exploits 2 | References 1

CNNVD
added 2026/03/09 12:0 a.m. | 4 views

Apache IoTDB Security Vulnerability

Apache IoTDB is an integrated data management engine designed for time-series data by the Apache Foundation in the United States. It provides services for data collection, storage, and analysis. Versions of Apache IoTDB from 1.0.0 to 1.3.7, as well as from 2.0.0 to 2.0.7, have security...

9.8 CVSS | 6.5 AI score | 0.00584 EPSS
Exploits 0 | References 3

CNNVD
added 2026/03/09 12:0 a.m. | 3 views

Apache Airflow Security Vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.22.0, there were security...

5.4 CVSS | 5.8 AI score | 0.00359 EPSS
Exploits 1 | References 4

Positive Technologies
added 2026/03/09 12:0 a.m. | 6 views

PT-2026-24047

Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 1.0.0 through 1.3.6; Apache IoTDB versions 2.0.0 through 2.0.6. Description: A security issue exists in Apache IoTDB. Users are advised to upgrade to a fixed version to address the problem. Recommendations: Upgrade to version...

9.8 CVSS | 5.8 AI score | 0.00584 EPSS
Exploits 0 | References 16

CNNVD
added 2026/03/09 12:0 a.m. | 5 views

Apache IoTDB Security Vulnerability

Apache IoTDB is an open source time series database developed by Apache Software Foundation for large-scale time series data storage and analysis in IoT scenarios. Apache IoTDB suffers from an improper input validation vulnerability. The vulnerability arises because the system does not perform...

9.8 CVSS | 6.1 AI score | 0.00662 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/03/09 12:0 a.m. | 6 views

PT-2026-24020

CVE-2025-55017: Apache IoTDB: Path Traversal https://t.co/dRIraLBMg2 CVE-2025-64152: Apache IoTDB: Path Traversal https://t.co/fiMsybbd3I Two notifications of vulnerabilities non-described in the exact same way, but with slightly different affected and fixed version ranges...

5.8 AI score
Exploits 0 | References 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 2 views

PT-2026-24021

CVE-2025-55017: Apache IoTDB: Path Traversal https://t.co/dRIraLBMg2 CVE-2025-64152: Apache IoTDB: Path Traversal https://t.co/fiMsybbd3I Two notifications of vulnerabilities non-described in the exact same way, but with slightly different affected and fixed version ranges...

5.8 AI score
Exploits 0 | References 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 2 views

PT-2026-36813

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.4.66. Description: A timing attack against mod_auth_digest allows a remote attacker to bypass Digest authentication. A timing attack is a side-channel attack where the attacker attempts to compromise a system by...

9.8 CVSS | 5.9 AI score | 0.06759 EPSS
Exploits 17 | References 61

CNVD
added 2026/03/09 12:0 a.m. | 5 views

Apache Airflow Log Message Disclosure Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing, and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other features. Apache Airflow has a log information disclosure vulnerability. An...

6.5 CVSS | 5.8 AI score | 0.00363 EPSS
Exploits 0 | References 1

CNVD
added 2026/03/09 12:0 a.m. | 7 views

Apache Superset Security Bypass Vulnerability (CNVD-2026-13252)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to bypass data access controls...

7.1 CVSS | 5.8 AI score | 0.00436 EPSS
Exploits 0 | References 1

CNVD
added 2026/03/09 12:0 a.m. | 2 views

Apache Superset Information Disclosure Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset has an information disclosure vulnerability that can be exploited by an attacker to retrieve sensitive user information...

6.5 CVSS | 5.8 AI score | 0.004 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/03/08 12:0 a.m. | 4 views

PT-2026-24022

Name of the Vulnerable Software and Affected Versions: Apache Airflow Providers Http versions prior to 6.0.0. Description: A user with database access can create a malicious database entry that executes code on the Triggerer, granting them the same permissions as a Dag Author. Direct database access...

9 CVSS | 5.9 AI score | 0.00695 EPSS
Exploits 1 | References 19

EUVD
added 2026/03/07 9:30 a.m. | 4 views

EUVD-2026-10139

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

5.8 AI score | 0.00306 EPSS
Exploits 0 | References 2

vulnersOsv
added 2026/03/07 9:30 a.m. | 8 views

ai.platon.gora:gora-core (=1.0.0), ai.platon.gora:gora-mongodb (=1.0.0) +1296 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.4)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.2 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...

7.4 CVSS | 7.7 AI score | 0.00306 EPSS
Exploits 0