CVE-2024-39887

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...

CVE-2023-49145

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

CVE-2023-49657

A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...

CVE-2023-49734

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2...

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

CVE-2025-23408

Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release...

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

PT-2026-2235

CVE-2026-22632 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2026-22632 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-1813

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8.0 Description A configuration issue exists where data transmission occurs without encryption. Specifically, improper handling of the Pause Encryption procedure on the Link Layer can result in a previously...

PT-2026-2234

CVE-2026-22631 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-22631 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2026-2236

CVE-2026-22633 - Apache HTTP Server HTTP Header Injection CVE ID : CVE-2026-22633 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-2239

CVE-2026-22636 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-22636 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2026-1837

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8.0 Description A flaw exists in Apache NimBLE that allows authentication bypass through spoofing. Receiving a specially crafted Security Request can result in the removal of the original bond and re-bonding wi...

PT-2026-2233

CVE-2026-22630 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-22630 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-2237

CVE-2026-22634 - Apache HTTP Server Unauthenticated Remote Command Execution CVE ID : CVE-2026-22634 Published : Jan. 9, 2026, 4:15 a.m. | 2 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

httpd security update

2.4.6-99.0.9.1 - Fix CVE-2025-58098 Orabug: 38816066 2.4.6-99.0.7.1 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 2.4.6-99.0.5.1 - Differentiate trusted sources Orabug: 37100272CVE-2024-38476 2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug:...

Security Bulletin: IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924).

Summary IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

Deserialization Of Untrusted Data

org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...