CVE-2024-29371 vulnerabilities

Vulnerabilities for packages: kafka, strimzi-kafka-operator, apache-pulsar...

GHSA-3677-XXCR-WJQV vulnerabilities

Vulnerabilities for packages: kafka, strimzi-kafka-operator, apache-pulsar...

CVE-2024-29371 vulnerabilities

Vulnerabilities for packages: apache-pulsar, kayenta-fips, kayenta, hadoop-fips, kafka, strimzi-kafka-operator...

GHSA-3677-XXCR-WJQV vulnerabilities

Vulnerabilities for packages: apache-pulsar, kayenta-fips, kayenta, hadoop-fips, kafka, strimzi-kafka-operator...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991301 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.For a subset of unlikely rewrite rule configurations, it was possible fo...

GHSA-V4P2-2W39-MHRJ Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

CVE-2025-66524

The vulnerability concerns Apache NiFi GetAsanaObject Processor (NiFi 1.20.0–2.6.0) which uses unfiltered Java Object serialization/deserialization with a Distribute Map Cache Client Service for state. The root cause is unsafe deserialization of crafted state data stored in the configured cache s...

CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

Exploit for Improper Restriction of XML External Entity Reference in Apache Tika

CVE-2025-66516: Minimized Verification Environment This proje...

Apache NiFi 代码问题漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code issue vulnerability exists in Apache NiFi versions 1.20.0 through 2.6.0 that stems from the GetAsanaObject...

PT-2026-1915

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 6.1.0 Description The issue is a missing XML validation check in Apache Struts, allowing for XML External Entity XXE attacks. This flaw resides in the XWork component and can be exploited by attackers to re...

PT-2025-52616

TRC analysis shows attackers chaining authentication bypass CVE-2025-67039 with OS command injection flaws to gain root access on Lantronix devices. Root compromise enables lateral movement across network infrastructure. Runtime segmentation helps contain post-compromise pivoting in critical...

PT-2025-52607

CVE-2025-67045 - Apache HTTP Server Cross-Site Scripting Vulnerability CVE ID : CVE-2025-67045 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67041. Reason: This record is a reservation duplicate of...

PT-2025-52592

CVE-2025-68487 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68487 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-52596

CVE-2025-68490 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68490 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-52597

CVE-2025-68491 - Apache HTTP Server Buffer Overflow Vulnerability CVE ID : CVE-2025-68491 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

PT-2025-52605

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges...

PT-2025-52591

CVE-2025-68486 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68486 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-52595

CVE-2025-68489 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68489 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...