Lucene search

61136 matches found

AlpineLinux
added 2026/03/03 10:44 a.m. | 4 views

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

CVSS 9.8 | AI score 6 | EPSS 0.01244
Exploits: 1 | References: 2

CNNVD
added 2026/03/03 12:0 a.m. | 3 views

Apache Ranger Security Vulnerability

Apache Ranger is a set of security measures implemented for Hadoop clusters by the Apache Foundation. This product provides central security policy management to address core enterprise security requirements such as authorization, settlement, and data protection. Apache Ranger versions 2.7.0 and...

CVSS 9.8 | AI score 6.5 | EPSS 0.01244
Exploits: 1 | References: 3

CNNVD
added 2026/03/03 12:0 a.m. | 2 views

Apache Ranger Security Vulnerability

Apache Ranger is a set of security measures implemented for Hadoop clusters by the Apache Foundation. This product provides central security policy management to address core enterprise security requirements such as authorization, settlement, and data protection. Apache Ranger versions 2.7.0 and...

CVSS 5.3 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/03 12:0 a.m. | 4 views

PT-2026-22729

Name of the Vulnerable Software and Affected Versions: Apache Ranger versions prior to 2.8.0. Description: A hostname verification bypass issue exists in Apache Ranger NiFiRegistryClient/NiFiClient. This issue allows bypassing hostname verification. Recommendations: Upgrade to version 2.8.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 9

Positive Technologies
added 2026/03/03 12:0 a.m. | 5 views

PT-2026-22728

Name of the Vulnerable Software and Affected Versions: Apache Ranger versions prior to 2.8.0. Description: A Remote Code Execution issue exists in the NashornScriptEngineCreator component of Apache Ranger. An unauthenticated remote attacker could potentially exploit this to execute code on the syste...

CVSS 9.8 | AI score 6.1 | EPSS 0.01244
Exploits: 1 | References: 13

IBM Security Bulletins
added 2026/03/02 2:36 p.m. | 10 views

Security Bulletin: Critical vulnerability addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary: CVE-2025-66516 - Apache Tika addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2. Vulnerability Details: CVEID: CVE-2025-66516. DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5...

CVSS 9.8 | AI score 6 | EPSS 0.79807
Exploits: 5 | Affected Software: 1

OSV
added 2026/03/02 8:51 a.m. | 5 views

BIT-SUPERSET-2026-23984 Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language (DML) statements...

CVSS 7.1 | AI score 6 | EPSS 0.00348
Exploits: 0 | References: 3

SUSE CVE
added 2026/03/02 12:28 a.m. | 3 views

SUSE CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

CVSS 8.2 | AI score 5.7 | EPSS 0.002
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-37041

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.66. Description: An issue exists in the mod_md module where resource allocation occurs without limits or throttling when processing OCSP response data. OCSP (Online Certificate Status Protocol) is a...

CVSS 10 | AI score 5.8 | EPSS 0.06759
Exploits: 17 | References: 43

CNVD
added 2026/03/02 12:0 a.m. | 14 views

Apache Shiro Authentication Bypass Vulnerability

Apache Shiro is a Java security framework from the Apache Foundation (United States) for performing authentication, authorization, encryption and session management. An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...

CVSS 5.3 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 1

CNNVD
added 2026/03/02 12:0 a.m. | 3 views

JeeSite Code Issue Vulnerability

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Versions of JeeSite 5.15.1 and earlier have code vulnerabilities. These vulnerabilities stem from operations on the component in the file /com/jeesite/common/shiro/cas/CasOutHandler.java, which may lead to XML...

CVSS 8.1 | AI score 6 | EPSS 0.0035
Exploits: 1 | References: 5

GithubExploit
added 2026/03/01 6:51 p.m. | 145 views

Exploit for Path Traversal in Apache Http_Server

🕵️ HACKNET v2.4.1 —...

CVSS 9.8 | AI score 7.3 | EPSS 0.99992
Exploits: 145

Positive Technologies
added 2026/03/01 12:0 a.m. | 4 views

PT-2026-36802

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.67. Description: An improper null termination leads to an out-of-bounds read in the mod_proxy_ajp module. Specifically, the ajp_msg_get_string function fails to perform a null-termination check, which may...

CVSS 9.8 | AI score 5.8 | EPSS 0.00663
Exploits: 1 | References: 95

GithubExploit
added 2026/02/28 11:29 a.m. | 138 views

Exploit for Deserialization of Untrusted Data in Apache Struts

No d...

CVSS 8.1 | AI score 5.9 | EPSS 0.99461
Exploits: 23

Veracode
added 2026/02/28 5:14 a.m. | 4 views

Input Validation Bypass

Apache Superset is vulnerable to Input Validation Bypass. The vulnerability exists because specially crafted SQL statements can bypass the read-only verification check when using a PostgreSQL database connection, and attackers can exploit it to execute unauthorized actions...

CVSS 7.1 | AI score 5.7 | EPSS 0.00348
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2026/02/28 5:12 a.m. | 5 views

SQL Injection

Apache Superset is vulnerable to SQL Injection. The vulnerability is due to an incomplete default list of restricted SQL functions for the ClickHouse engine, where attackers can execute potentially sensitive SQL functions within SQL Lab and charts...

CVSS 6.5 | AI score 5.7 | EPSS 0.00607
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2026/02/28 5:7 a.m. | 15 views

Deserialization Of Untrusted Data

Apache Camel is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the DefaultLevelDBSerializer class deserializing data using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions, which allows an attacker to inject a crafted...

CVSS 8.8 | AI score 6.5 | EPSS 0.01274
Exploits: 2 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/02/28 1:56 a.m. | 3 views

CVE-2025-40932

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will...

CVSS 8.2 | AI score 5.9 | EPSS 0.002
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/02/27 6:0 p.m. | 10 views

Security Bulletin: IBM Security Verify Directory Web Admin Tool Container affected by WebSphere Application Server Liberty Denial‑of‑Service Vulnerability with HTTP/2

Summary: IBM Security Verify Directory Web Admin Container has remediated the WebSphere Liberty vulnerabilities CVE-2025-48976 by incorporating the updated WebSphere Liberty runtime levels that include the necessary fixes. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of...

CVSS 7.5 | AI score 6.8 | EPSS 0.63258
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/27 4:52 p.m. | 8 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2025-48734, CVE-2025-53057)

Summary: IBM Rational Developer for i is affected by an improper access control vulnerability in Apache Commons CVE-2025-48734 and an improper access control vulnerability in Java CVE-2025-53057 as described in the vulnerability details section. Vulnerability Details: CVEID: CVE-2025-48734...

CVSS 8.8 | AI score 6.2 | EPSS 0.01495
Exploits: 1 | Affected Software: 1