CVE-2025-66029 Open OnDemand affected by Apache proxy passing sensitive headers

Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to...

Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager (FNCM) component Content Search Services (CSS) / Enterprise Content Management Text Search (ECMTS)

Summary Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager FNCM component Content Search Services CSS / Enterprise Content Management Text Search ECMTS Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

airflow-imaging-plugins (>=2.4.2 <=2.4.3), data-tracking (>=1.7.2 <=1.7.3) +1 more potentially affected by CVE-2025-67895 via apache-airflow (>=1.8.2 <=1.9.0)

apache-airflow PYPI version =1.8.2, =2.4.2, =1.7.2, =0.0.5, =0.0.6 Source cves: CVE-2025-67895 Source advisory: OSV:PYSEC-2025-87...

CVE-2025-66675

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...

CVE-2025-66388

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

Exploit for CVE-2025-66516

⚠️ READ DISCLAIMER BEFORE USE ⚠️ Educat...

Apache Airflow 安全漏洞

Apache Airflow is a set of open source platforms with the ability to create, manage and monitor workflows from the US Apache Apache Foundation. The platform is characterized by scalability and dynamic monitoring. Apache Airflow suffers from a security vulnerability that stems from the ability of...

Open OnDemand 安全漏洞

Open OnDemand is an open source implementation of Open Interactive HPC over the Web from Ohio Supercomputer Center. A security vulnerability exists in Open OnDemand 4.0.8 and earlier versions, which originates when the Apache proxy passes sensitive headers to the origin server, potentially leadin...

PT-2025-52409

CVE-2025-0852 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-0852 Published : Dec. 16, 2025, 10:15 p.m. | 1 hour, 44 minutes ago Description : Rejected reason: Voluntarily withdrawn Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline...

PT-2025-52482

CVE-2025-14828 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-14828 Published : Dec. 17, 2025, 7:16 p.m. | 48 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in th...

PT-2025-51973

Name of the Vulnerable Software and Affected Versions Open OnDemand versions prior to 4.1 Description Open OnDemand provides remote web access to supercomputers. The Apache proxy in versions 4.0.8 and earlier allows sensitive headers to be passed to origin servers. This could allow malicious user...

Unity Linux 20.1070e Security Update: apache-commons-lang3 (UTSA-2025-991256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991256 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting withcommons-lang:commons-lang2.0 to 2.6, and, from...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

apache-kafka: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration

A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

BIT-AIRFLOW-2025-66388 Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...