61164 matches found
PT-2025-45537
CVE-2025-64478 - Apache HTTP Server Information Disclosure
CVE ID: CVE-2025-64478. Published: Nov. 6, 2025, 4:15 a.m. Description: Rejected reason: Not used. Severity: 0.0 | NA
GHSA-M494-W24Q-6F7W vulnerabilities
Vulnerabilities for packages: hadoop-fips, apache-hop-fips, tez, apache-hop, apicurio-registry...
CVE-2025-59250 vulnerabilities
Vulnerabilities for packages: hadoop-fips, apache-hop-fips, tez, apache-hop, apicurio-registry...
Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server
HTTP Request Smuggling Detection Tool This repository contain...
CLSA-2025-1762338135 apr: Fix of CVE-2022-24963
CVE-2022-24963: Fix integer overflow in apr_encode functions that could lead to out-of-bounds write...
CVE-2025-58337 Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restrictions. Impact: Bypasses read-only mode; attackers with read-only access may perform unauthorized...
Apache Airflow Security Bypass Vulnerability (CNVD-2025-30838)
Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow, which is...
Apache Doris MCP Server Security Vulnerability
Apache Doris MCP Server is a contextual protocol backend service from the Apache Foundation. A security vulnerability exists in Apache Doris MCP Server versions prior to 0.1.0 through 0.6.0, which stems from improper access control and could allow an attacker with read-only privileges to execute...
ROS-20251105-01
A vulnerability in the Apache Log4cxx C++ logging framework is related to the fact that when using the HTMLLayout, logger names are not properly escaped when written to an HTML file. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive data. A vulnerability...
PT-2025-44969
Name of the Vulnerable Software and Affected Versions: Apache Logback (affected versions not specified). Description: A potential escalation of privilege exists due to an insecure default value within the preloader component. Successful exploitation could allow a malicious actor with System privileges...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...
Talos-Apache-Log-Oversight-Scanner
Talos-Apache-Log-Oversight-Scanner Overview The Talos-Ap...
Astra Linux – Vulnerability in Apache2
In some mod_ssl configurations on the Apache HTTP Server 2.4.35 to 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when mod_ssl is configured for multiple virtual hosts, with each virtual host restricted to a...
Astra Linux – Vulnerability in Apache2
Delayed memory release after the effective lifetime vulnerability in the Apache HTTP Server. This issue affects the Apache HTTP Server: from version 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes this issue...
Astra Linux – Vulnerability in Apache2
In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in mod_proxy_http2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...
Astra Linux – Vulnerability in Apache2
In the Apache HTTP Server with mod_proxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires an unusual configuration, where mod_headers is used to modify the Content-Type header of the request or response, with a value provided in the...
Astra Linux – Vulnerability in Apache2
Splitting of HTTP responses within the core of the Apache HTTP Server allows attackers who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in...
CVE-2021-47700
Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code...
CVE-2024-58273
Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server
Summary: There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details: CVEID: CVE-2025-36047. DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable ...