Apache Fineract Security Bypass Vulnerability

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from a security...

Apache Fineract Information Disclosure Vulnerability (CNVD-2026-00006)

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an...

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

Apache StreamPark Security Bypass Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

httpd security update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

RLSA-2025:23738 Important: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: modmd:...

RLSA-2025:23932 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 httpd:...

PT-2025-53427

CVE-2025-68694 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-68694 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53422

CVE-2025-68689 - Apache Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-68689 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53602

CVE-2025-5448 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-5448 Published : Dec. 24, 2025, 2:15 p.m. | 2 hours, 57 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

PT-2025-53428

CVE-2025-68695 - Apache HTTP Server Cross-Site Request Forgery CSRF CVE ID : CVE-2025-68695 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53426

CVE-2025-68693 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-68693 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53420

CVE-2025-68687 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68687 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53423

CVE-2025-68690 - Apache HTTP Server Unvalidated Request Parameter CVE ID : CVE-2025-68690 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

TencentOS Server 4: httpd (TSSA-2025:0960)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0960 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

httpd:2.4 security update

httpd 2.4.37-65.0.1.7 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.7 - Resolves: RHEL-135054 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135039 - httpd: Apache HTTP Server: CGI environment variable...

TencentOS Server 3: httpd:2.4 (TSSA-2025:0973)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0973 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RLSA-2025:23739 Important: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: modmd:...

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF006 and 25.0.0-IF003. These vulnerabilities have been also addressed in 24.0.0-IF005. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficie...