ROOT-APP-PYPI-CVE-2024-45034 CVE-2024-45034 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2024-45034 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-22888 CVE-2023-22888 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2023-22888 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-40611 CVE-2023-40611 in rootio-apache-airflow - Patched by Root
Root has patched CVE-2023-40611 in the rootio-apache-airflow package for Root:PyPI. Multiple fixed versions available...
BIT-TOMCAT-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...
BIT-TOMCAT-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0 through 11.0.14, from 10.1.0 through 10.1.49, from 9.0.0 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Apache Struts2 S2-045 RCE CVE-2017-5638 📌 Overview This...
Apache Traffic Server Host Header Stability Scanner
This is a safe verification tool designed to detect abnormal Host header handling behavior in Apache Traffic Server without triggering denial of service conditions. The tool performs controlled HTTP requests and analyzes response stability, connection behavior, and service continuity...
Atlassian Confluence 7.19.x < 9.2.7 / 9.3.1 < 9.5.3 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-102193)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102193 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affec...
Apache Airflow < 3.1.6 Information Disclosure
The version of Apache Airflow installed on the remote host is prior to 3.1.6. It is, therefore, affected by an information disclosure vulnerability: - The proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not...
Command Injection
Apache Airflow is vulnerable to Command Injection. The vulnerability is due to a non-validated parameter in the example_dag_decorator example DAG, which allows an attacker to redirect execution to a malicious server and execute arbitrary code on a worker when example DAGs are enabled...
Exploit for Relative Path Traversal in Apache Tomcat
CVE-2025...
SUSE CVE-2025-66614
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
SUSE CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
PT-2026-20653
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 4.10.0 through 4.10.7; Apache Camel versions 4.14.0 through 4.14.4; Apache Camel versions 4.15.0 through 4.17.9. Description: The LevelDB component in Apache Camel contains a flaw where it deserializes data from the LevelDB...
PT-2026-20652
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 4.15.0 through 4.17.9. Description: The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. This allows a token issued by one Keycloak realm to be silentl...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Apache Traffic Server vulnerability (USN-8050-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8050-1 advisory. Masakazu Kitajo discovered that Apache Traffic Server did not properly handle the Valid Host header field. An attacker could possibly use this...
CVE-2026-23901 vulnerabilities
Vulnerabilities for packages: apache-jena-fuseki, neo4j...
GHSA-C4QC-4Q9P-M9Q9 vulnerabilities
Vulnerabilities for packages: apache-jena-fuseki, neo4j...
USN-8050-1: Apache Traffic Server vulnerability
Masakazu Kitajo discovered that Apache Traffic Server did not properly handle the Valid Host header field. An attacker could possibly use this issue to cause a denial of service (DoS)...
USN-8050-1 trafficserver vulnerability
Masakazu Kitajo discovered that Apache Traffic Server did not properly handle the Valid Host header field. An attacker could possibly use this issue to cause a denial of service (DoS)...