
61165 matches found

CNVD
added 2025/12/03 12:0 a.m. | 3 views

Apache CloudStack Access Control Error Vulnerability (CNVD-2025-30565)

Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An Access Control Error vulnerability exists in Apache CloudStack tha...

CVSS 4.3 | AI score 6.7 | EPSS 0.00309
Exploits: 0 | References: 1

Redos
added 2025/12/03 12:0 a.m. | 14 views

ROS-20251203-05

A vulnerability in the Java library for handling Apache Commons Configuration files is related to the fact that the application does not properly control internal resource consumption when loading a specially crafted configuration file. Exploitation of the vulnerabili...

CVSS 6.5 | AI score 6 | EPSS 0.01663
Exploits: 0

CNVD
added 2025/12/03 12:0 a.m. | 3 views

Apache Kvrocks Information Disclosure Vulnerability

Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an information disclosure vulnerability that stems from the MONITOR command disclosing plaintext credentials. An attacker could exploit this vulnerability to obtain sensitive...

CVSS 5.3 | AI score 6.4 | EPSS 0.00253
Exploits: 0 | References: 1

CNVD
added 2025/12/03 12:0 a.m. | 6 views

Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...

CVSS 6.1 | AI score 6.1 | EPSS 0.00614
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-64775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.01431
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/02 10:31 p.m. | 3 views

CVE-2025-54057

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: <= 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...

CVSS 6.1 | AI score 6.6 | EPSS 0.00614
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/02 9:26 p.m. | 4 views

CVE-2025-59789

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

CVSS 7.5 | AI score 7.2 | EPSS 0.01453
Exploits: 2 | References: 1

Rosalinux
added 2025/12/02 1:21 p.m. | 6 views

Advisory ROSA-SA-2025-3109

Software: xmlrpc 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: xmlrpc-3.1.3-1.0.1.1.rv3 CVE-ID: CVE-2019-17570 BDU-ID: 2020-01960 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC library is related to ...

CVSS 9.8 | AI score 7.1 | EPSS 0.49285
Exploits: 2

Rosalinux
added 2025/12/02 1:16 p.m. | 7 views

Advisory ROSA-SA-2025-3082

Software: httpd 2.4.6 OS: rosa-server79 unaffected versions = httpd-2.4.6-99.0.7.res7.1 affected versions httpd-2.4.6-99.0.7.res7.1 CVE-ID: CVE-2024-47252 BDU-ID: 2025-08958 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modssl function of the Apache HTTP Server web server is related to a failu...

CVSS 7.5 | AI score 7.1 | EPSS 0.00669
Exploits: 0

Tenable Nessus
added 2025/12/02 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-991028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991028 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat...

CVSS 9.6 | AI score 8.3 | EPSS 0.09244
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/02 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: tomcat (UTSA-2025-991027)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991027 advisory. Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload,...

CVSS 5.3 | AI score 7.3 | EPSS 0.01005
Exploits: 0 | References: 4

OpenVAS
added 2025/12/02 12:0 a.m. | 5 views

Apache Struts DoS Vulnerability (S2-068)

Apache Struts is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...

CVSS 8.2 | AI score 7.7 | EPSS 0.01431
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/02 12:0 a.m. | 10 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.11)

The version of AOS installed on the remote host is prior to 6.10.1.11. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.11 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...

CVSS 9.8 | AI score 6.9 | EPSS 0.66365
Exploits: 7 | References: 12

OSV
added 2025/12/01 6:30 p.m. | 0 views

GHSA-XX7V-HQXH-CJR9 Apache Struts is Vulnerable to DoS via File Leak

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5 | AI score 7 | EPSS 0.01431
Exploits: 0 | References: 4

EUVD
added 2025/12/01 6:30 p.m. | 4 views

EUVD-2025-200019

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5 | AI score 6.4 | EPSS 0.01431
Exploits: 0 | References: 3

Github Security Blog
added 2025/12/01 6:30 p.m. | 5 views

Apache Struts is Vulnerable to DoS via File Leak

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5 | AI score 7 | EPSS 0.01431
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/12/01 4:15 p.m. | 3 views

CVE-2025-64775

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5 | EPSS 0.01431
Exploits: 0 | References: 2

CVE
added 2025/12/01 4:7 p.m. | 37 views

CVE-2025-64775

CVE-2025-64775 affects Apache Struts 2.x (2.0.0–6.7.0) and 7.0.0–7.0.3. The issue is a denial of service caused by a file leak in multipart request processing that can exhaust disk space. The available public details describe the impact as DoS and do not indicate exploitation specifics beyond the...

CVSS 7.5 | AI score 6.5 | EPSS 0.01431
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/12/01 4:7 p.m. | 3 views

CVE-2025-64775 Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

AI score 6.5 | EPSS 0.01431
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/12/01 3:39 p.m. | 6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to Apache Lucene

Summary IBM webMethods BPM uses Apache Lucene in designer-process-feature and metadata-core-feature for text processing and filtering purpose. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression...

AI score 6.7
Exploits: 0 | Affected Software: 1