PT-2025-48331

CVE-2025-66235 - Apache Server HTTP Header Injection CVE ID : CVE-2025-66235 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-48328

CVE-2025-66232 - Apache Struts Cross-Site Request Forgery CVE ID : CVE-2025-66232 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-48326

CVE-2025-66230 - Apache HTTP Server Unvalidated Redirect CVE ID : CVE-2025-66230 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-48325

CVE-2025-66229 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-66229 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

PT-2025-48330

CVE-2025-66234 - Apache HTTP Server Unauthenticated Remote Code Execution CVE ID : CVE-2025-66234 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

PT-2025-48327

CVE-2025-66231 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-66231 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-48329

CVE-2025-66233 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-66233 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-48324

CVE-2025-66228 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-66228 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Apache Hive SQL注入漏洞

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...

Apache Druid 安全漏洞

Apache Druid is an American Apache Apache Foundation open source, column-oriented distributed database written in the Java language. A security vulnerability exists in Apache Druid version 34.0.0 and earlier, which stems from the use of weak fallback keys by the Kerberos authenticator, which coul...

CVE-2025-65998

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

Apache Roller < 6.1.5 Insufficient Session Expiration on Password Change (CVE-2025-24859)

According to its self-reported version number, the instance of Apache Roller running on the remote host is prior to 6.1.5. It is, therefore, affected by a session management vulnerability where active user sessions are not properly invalidated after password changes. When a user's password is...

ROS-20251125-02

A vulnerability in the Apache MINA open source Java network application environment is related to an infinite loop in the processing of HTTP requests. loop when processing HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remote...

EUVD-2025-198717

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

Apache Syncope's AES encryption stores hard-coded passwords in internal database

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

org.apache.syncope.core:syncope-core-self-keymaster-starter (>=3.0.0 <=3.0.14) potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-starter (>=3.0.0-M0 <=3.0.14)

org.apache.syncope.core:syncope-core-starter MAVEN version =3.0.0-M0, =3.0.0, =3.0.14 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105145...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.2), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.2) +18 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-provisioning-java (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core:syncope-core-provisioning-java MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.2 and more Source cves: CVE-2...

CVE-2025-65998

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...

CVE-2025-65998 Apache Syncope: Default AES key used for internal password encryption

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...