61165 matches found

AlmaLinux
•added 2025/12/22 12:0 a.m.•5 views

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override (CVE-2025-65082); mod_md: Apache HTTP Server: mod_md ACME, unintended retry intervals (CVE-2025-55753); httpd: Apache HTTP...

8.3 CVSS • 6.6 AI score • 0.015 EPSS
Exploits 0 • References 10
Positive Technologies
•added 2025/12/21 12:0 a.m.•2 views

PT-2025-52647

CVE-2025-12700 - Apache Struts Remote Code Execution CVE ID : CVE-2025-12700 Published : Dec. 20, 2025, 11:15 p.m. | 3 hours, 20 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details...

6.3 AI score
Exploits 0 • References 1
Positive Technologies
•added 2025/12/21 12:0 a.m.•3 views

PT-2025-52648

CVE-2025-14597 - Apache Struts SSRF CVE ID : CVE-2025-14597 Published : Dec. 20, 2025, 11:15 p.m. | 3 hours, 20 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details, such as CVSS...

6 AI score
Exploits 0 • References 1
Tenable Nessus
•added 2025/12/21 12:0 a.m.•7 views

Apache Struts 2.0.0 < 2.3.18 multiple vulnerabilities - Remote command execution and arbitrary file overwrite, Strict DMI does not work correctly (S2-008)

The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by multiple vulnerabilities as referenced in the S2-008 advisory. - The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during...

9.8 CVSS • 9.2 AI score • 0.96787 EPSS
Exploits 22 • References 5
Oracle linux
•added 2025/12/21 12:0 a.m.•5 views

mod_md security update

1:2.4.26-1.1 - Resolves: RHEL-134496 - httpd: Apache HTTP Server: mod_md ACME, unintended retry intervals CVE-2025-55753...

7.5 CVSS • 7.1 AI score • 0.00402 EPSS
Exploits 0
Huntr
•added 2025/12/20 9:56 p.m.•4 views

Apache Arrow IPC cached prebuffer path triggers signed integer overflow UB in read-range coalescing

Description Apache Arrow C++ commit d89c14b5d5203bc403fb62060fdf1ef2c0a49339 contains a signed integer overflow undefined behavior in the IO range coalescing logic, specifically in arrow/cpp/src/arrow/io/interfaces.cc:475 arrow::io::internal::CoalesceReadRanges. The overflow is reachable from...

6 AI score
Exploits 0
Wolfi
•added 2025/12/20 1:47 p.m.•7 views

CVE-2024-29371 vulnerabilities

Vulnerabilities for packages: kafka, strimzi-kafka-operator, apache-pulsar...

7.5 CVSS • 6.7 AI score • 0.00244 EPSS
Exploits 1
Wolfi
•added 2025/12/20 1:47 p.m.•9 views

GHSA-3677-XXCR-WJQV vulnerabilities

Vulnerabilities for packages: kafka, strimzi-kafka-operator, apache-pulsar...

5.8 AI score
Exploits 0
Chainguard
•added 2025/12/20 1:21 p.m.•7 views

CVE-2024-29371 vulnerabilities

Vulnerabilities for packages: apache-pulsar, kayenta-fips, kayenta, hadoop-fips, kafka, strimzi-kafka-operator...

7.5 CVSS • 6.7 AI score • 0.00244 EPSS
Exploits 1
Chainguard
•added 2025/12/20 1:21 p.m.•3 views

GHSA-3677-XXCR-WJQV vulnerabilities

Vulnerabilities for packages: apache-pulsar, kayenta-fips, kayenta, hadoop-fips, kafka, strimzi-kafka-operator...

5.8 AI score
Exploits 0
Tenable Nessus
•added 2025/12/20 12:0 a.m.•6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991301 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible fo...

9.8 CVSS • 7.5 AI score • 0.0418 EPSS
Exploits 1 • References 4
OSV
•added 2025/12/19 12:31 p.m.•5 views

GHSA-V4P2-2W39-MHRJ Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

7.5 CVSS • 6.5 AI score • 0.00435 EPSS
Exploits 0 • References 5
OSV
•added 2025/12/19 10:15 a.m.•5 views

CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

8.8 CVSS • 6.5 AI score
Exploits 0 • References 2
CVE
•added 2025/12/19 9:24 a.m.•22 views

CVE-2025-66524

The vulnerability concerns Apache NiFi GetAsanaObject Processor (NiFi 1.20.0–2.6.0) which uses unfiltered Java Object serialization/deserialization with a Distribute Map Cache Client Service for state. The root cause is unsafe deserialization of crafted state data stored in the configured cache s...

8.8 CVSS • 6.2 AI score • 0.00435 EPSS
Exploits 0 • References 2 • Affected Software 1
Vulnrichment
•added 2025/12/19 9:24 a.m.•3 views

CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

7.5 CVSS • 6.2 AI score • 0.00435 EPSS
Exploits 0 • References 1
GithubExploit
•added 2025/12/19 7:26 a.m.•140 views

Exploit for Improper Restriction of XML External Entity Reference in Apache Tika

CVE-2025-66516: Minimized Verification Environment This proje...

10 CVSS • 7.3 AI score • 0.79807 EPSS
Exploits 5
CNNVD
•added 2025/12/19 12:0 a.m.•4 views

Apache NiFi code issue vulnerability

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code issue vulnerability exists in Apache NiFi versions 1.20.0 through 2.6.0 that stems from the GetAsanaObject...

8.8 CVSS • 7 AI score • 0.00435 EPSS
Exploits 0 • References 3
Positive Technologies
•added 2025/12/19 12:0 a.m.•11 views

PT-2026-1915

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 6.1.0 Description The issue is a missing XML validation check in Apache Struts, allowing for XML External Entity XXE attacks. This flaw resides in the XWork component and can be exploited by attackers to re...

9.4 CVSS • 6 AI score • 0.22475 EPSS
Exploits 1 • References 43
Positive Technologies
•added 2025/12/19 12:0 a.m.•9 views

PT-2025-52616

TRC analysis shows attackers chaining authentication bypass CVE-2025-67039 with OS command injection flaws to gain root access on Lantronix devices. Root compromise enables lateral movement across network infrastructure. Runtime segmentation helps contain post-compromise pivoting in critical...

9.1 CVSS • 5.8 AI score • 0.00386 EPSS
Exploits 0 • References 7
Positive Technologies
•added 2025/12/19 12:0 a.m.•8 views

PT-2025-52606

CVE-2025-67044 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-67044 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67035. Reason: This record is a reservation duplicate of...

7.4 AI score • 0.00429 EPSS
Exploits 0 • References 1