61169 matches found
PT-2025-50939
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...
Apache StreamPark Security Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Foundation of the United States. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...
Apache Fineract Security Vulnerability
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from a security...
Apache Fineract Security Vulnerability
Apache Fineract is an open source digital financial services platform of the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from an informatio...
PT-2025-50904
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions through 1.10.1. Description: Apache Fineract is affected by a weak password requirements issue. Upgrade to version 1.11.0 or later to address this. Users are encouraged to upgrade to version 1.13.0, the latest release...
PT-2025-51040
A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...
Apache StreamPark Security Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Foundation of the United States. Apache StreamPark suffers from a weak algorithm vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...
PT-2025-51039
Name of the Vulnerable Software and Affected Versions: Airflow versions prior to 3.1.4; Airflow versions prior to 2.11.1. Description: A flaw exists in Airflow where the user interface (UI) error reporting could expose sensitive information passed as keyword arguments (kwargs) to operators when a Directe...
PT-2025-50906
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
PT-2025-50905
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions through 1.11.0. Description: A flaw exists in Apache Fineract related to insufficiently protected credentials. Upgrade to version 1.13.0, the latest release, to address this issue. The issue is resolved in version 1.12.1...
Apache Fineract Security Vulnerability
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from an...
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
An XML External Entity (XXE) injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA (XML Forms Architecture) file. This flaw could lead to...
[SECURITY] Fedora 43 Update: httpd-2.4.66-1.fc43
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Apache HTTP Server: mod_md (ACME), unintended retry intervals
...
Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
...
EulerOS 2.0 SP11 : mod_http2 (EulerOS-SA-2025-2486)
According to the versions of the mod_http2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by...
PT-2025-51041
CVE-2025-67512 - Apache Docker Privilege Escalation. CVE ID: CVE-2025-67512. Published: Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago. Description: Rejected reason: The vulnerability is dependency-based. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected...
PT-2025-51088
CVE-2025-67514 - Apache Tomcat Remote Code Execution. CVE ID: CVE-2025-67514. Published: Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago. Description: Rejected reason: Vulnerability is dependency-based. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products,...
PT-2025-51122
CVE-2025-67690 - Apache HTTP Server Remote Code Execution. CVE ID: CVE-2025-67690. Published: Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-51126
CVE-2025-67694 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2025-67694. Published: Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...