EUVD-2025-208229

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59060

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59060 Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59060

Summary: CVE-2025-59060 describes a hostname verification bypass in Apache Ranger’s NiFiRegistryClient/NiFiClient. The issue is reported for Apache Ranger versions ≤ 2.7.0 and is fixed by upgrading to version 2.8.0. Affected components: NiFiRegistryClient and NiFiClient within Apache Ranger. Root...

CVE-2025-59060 Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59060

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59059 Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59059 Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

EUVD-2025-208228

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVE-2025-59059

Apache Ranger CVE-2025-59059 is a remote code execution issue affecting Ranger versions

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

Apache Ranger 安全漏洞

Apache Ranger is a set of security measures implemented for Hadoop clusters by the Apache Foundation. This product provides central security policy management to address core enterprise security requirements such as authorization, settlement, and data protection. Apache Ranger versions 2.7.0 and...

Apache Ranger 安全漏洞

Apache Ranger is a set of security measures implemented for Hadoop clusters by the Apache Foundation. This product provides central security policy management to address core enterprise security requirements such as authorization, settlement, and data protection. Apache Ranger versions 2.7.0 and...

PT-2026-22729

Name of the Vulnerable Software and Affected Versions Apache Ranger versions prior to 2.8.0 Description A hostname verification bypass issue exists in Apache Ranger NiFiRegistryClient/NiFiClient. This issue allows bypassing hostname verification. Recommendations Upgrade to version 2.8.0...

PT-2026-22728

Name of the Vulnerable Software and Affected Versions Apache Ranger versions prior to 2.8.0 Description A Remote Code Execution issue exists in the NashornScriptEngineCreator component of Apache Ranger. An unauthenticated remote attacker could potentially exploit this to execute code on the syste...

Security Bulletin: Critical vulnerability addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary CVE-2025-66516 - Apache Tika addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5...

BIT-SUPERSET-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

SUSE CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

Apache Shiro Authentication Bypass Vulnerability

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...