CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

BIT-AIRFLOW-2025-66388 Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

Security Bulletin:Vulnerability in Apache Commons HttpClient affects IBM Netezza Appliance

Summary The Apache Commons HttpClient package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java...

Security Bulletin:Vulnerability in Apache Commons HttpClient affects IBM Netezza Appliance

Summary The Apache Commons HttpClient package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2012-6153 Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not...

This Week in Spring – December 16th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...

PT-2025-51764

Name of the Vulnerable Software and Affected Versions Apache Commons Text versions prior to 1.10.0 FileMaker Server versions prior to 22.0.4 Description Apache Commons Text versions prior to 1.10.0 contain interpolation features that could be exploited when applications process untrusted input...

ROS-20251216-7307

A vulnerability in the FTP Client component of the Apache Commons Net library is related to the use of open redirection with insufficient input data validation during PASV response processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected...

Apache Commons FileUpload < 1.6 , 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)

The version of Apache Commons FileUpload on the remote host is 1.6 , 2.0.0-M1 2.0.0-M4. It is, therefore, affected by a denial of service vulnerability due to allocation of resources for multipart headers with insufficient limits. Note that Nessus has not tested for these issues but has instead...

K000158206: Apache HTTP Server vulnerability CVE-2025-66200

Security Advisory Description moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7...

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2025-66200 DESCRIPTION: moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP...

Exploit for Code Injection in Apache Dolphinscheduler

No d...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +20 more potentially affected by CVE-2025-66388 via apache-airflow-task-sdk (>=1.0.0rc4 <=1.1.4)

apache-airflow-task-sdk PYPI version =1.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-66388 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-14459396...

GHSA-FV47-PQH6-WXGQ Apache Airflow exposes secret values to authenticated UI users via rendered templates

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

apache-airflow-core (>=3.1.0 <=3.1.3), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +6 more potentially affected by CVE-2025-66388 via apache-airflow (>=3.1.0 <=3.1.3)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =1.1.3 Source cves: CVE-2025-66388 Source advisory: OSV:PYSEC-2025-86...

PYSEC-2025-86

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted,potentially exposing secrets to users without the appropriate authorization.Users are recommended to upgrade to version 3.1.4, which fixes this...

CVE-2025-66388

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

CVE-2025-66388

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

Security Bulletin: due to the use of Apache Commons Lang, IBM Transformation Extender Advanced is vulnerable to Uncontrolled Recursion vulnerability

Summary Apache Commons Lang is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers . CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This...

Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability

Summary Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...