CVE-2025-30001
Apache StreamPark has a vulnerability described as an Incorrect Execution-Assigned Permissions issue that, in versions 2.1.4 up to but not including 2.1.6, can allow authenticated users to trigger remote command execution. PT-security and multiple CVE references converge on this issue, noting tha...
CVE-2025-30001 Apache StreamPark: Authenticated users can trigger remote command execution
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue...
RLSA-2025:14983 Moderate: mod_http2 security update
The mod_h2 Apache httpd module implements the HTTP/2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630). For more details about the security...
Exploit for Incorrect Authorization in Apache Ofbiz
This is a PoC exploit for CVE-2024-38856, a remote code executio...
Apache StreamPark Security Vulnerability
Apache StreamPark is a streaming application development framework from the Apache Software Foundation (United States). Apache StreamPark has a security vulnerability that attackers can exploit to compromise confidentiality, integrity and availability...
EUVD-2025-33342
Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers...
Exploit for Path Traversal in Apache Ofbiz
CVE-2024-32113-A...
Exploit for Path Traversal in Apache Ofbiz
CVE-2024-32113 Exploit Apache OFBiz Path Traversal to RCE exp...
CVE-2025-62228
Apache Flink CDC version 3.4.0 was vulnerable to SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update to Flink CDC version 3.5.0, which addresses this issue...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the quote function that fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database name or table names. Remediation Upgrade...
CVE-2025-62228
CVE-2025-62228 affects Apache Flink CDC: version 3.4.0 is vulnerable to SQL injection via maliciously crafted identifiers (e.g., database or table names). The issue can be triggered by a logged-in database user, with remediation to upgrade to 3.5.0 (or apply fixes per advisories). Connected docum...
Security Bulletin: Due to use of Apache Commons, IBM Operations Analytics - Log Analysis is affected by Improper Handling of Untrusted Input During Deserialization
Summary Apache Commons is used by IBM Operations Analytics - Log Analysis as part of the configuration parsing in Apache Solr CVE-2017-15708, CVE-2019-13116 and Java Deserialization CVE-2015-4852, CVE-2015-6420, CVE-2015-7501 Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security...
Apache Kylin Authentication Bypass Vulnerability
Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...
Apache Fory Deserialization Vulnerability
Apache Fory is a multi-language serialization framework based on JIT dynamic compilation and zero-copy technology, designed for distributed systems and high-performance computing scenarios. Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...
Apache Flink CDC SQL Injection Vulnerability
Apache Flink CDC is a real-time data capture framework from the Apache Foundation. A SQL injection vulnerability exists in Apache Flink CDC version 3.4.0, stemming from improper handling of specially crafted identifiers such as database names or table names, which could lead to SQL injection...
AlmaLinux 10 : mod_http2 (ALSA-2025:14625)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:14625 advisory. httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630). Tenable has extracted the...
AlmaLinux 10 : tomcat9 (ALSA-2025:14178)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:14178 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Uncontrolled Recursion vulnerability in Apache Commons Lang
Summary Apache Commons Lang: ClassUtils.getClass... can throw a StackOverflowError on very long inputs. The following IBM® Engineering Lifecycle Management product is vulnerable to this attack and has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-48989).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability CVE-2025-48989. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper...
PT-2025-41533
CVE-2025-6046 - CVE-2019-25033: Apache Struts Unauthenticated Remote Code Execution Vulnerability CVE ID : CVE-2025-6046 Published : Oct. 7, 2025, 11:15 p.m. | 3 hours, 24 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severit...