TencentOS Server 4: apache-commons-beanutils (TSSA-2025:0562)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0562 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: bcel (TSSA-2025:0575)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0575 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: storm (TSSA-2024:1013)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1013 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 2: apache-commons-vfs (TSSA-2025:0598)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0598 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 4: kafka (TSSA-2025:0475)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0475 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: apache-sshd (TSSA-2025:0563)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0563 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: tomcat (TSSA-2025:0592)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0592 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

EUVD-2025-198152

Apache Causeway vulnerable to deserialization in Java...

Apache Causeway vulnerable to deserialization in Java

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

CVE-2025-64408 Apache Causeway: Java deserialization vulnerability to authenticated attackers

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

CVE-2025-64408 Apache Causeway: Java deserialization vulnerability to authenticated attackers

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution RCE through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

Apache Causeway 安全漏洞

Apache Causeway is the Apache Foundation of a Java rapid application development framework . Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters in the receipt of serialized data submitted by the user, which...

Security Bulletin: IBM OpenPages fixes Apache Tika library vulnerability via XML External Entity injection

Summary Apache Tika library vulnerability via XML External Entity injection with IBM OpenPages have been addressed in the latest IBM OpenPages fixpack for 8.3, 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.1...

Server-Side Request Forgery (SSRF)

Apache Kylin is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...

Files Or Directories Accessible To External Parties

Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)

Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized...