RockyLinux 8 : httpd:2.4 (RLSA-2026:22140)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

Linux Distros Unpatched Vulnerability : CVE-2026-45505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ...

PT-2026-45725

Name of the Vulnerable Software and Affected Versions Apache Kafka affected versions not specified Description An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' 69 API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...

ALSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

Apache httpd -- DoS exploit in HTTP/2

Calif security reports: Remote DoS in modhttp2...

Linux Distros Unpatched Vulnerability : CVE-2026-49157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia...

Linux Distros Unpatched Vulnerability : CVE-2026-49270

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured wi...

Linux Distros Unpatched Vulnerability : CVE-2026-48827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload- pack, git-receive-pack, and other git operations allows...

RLSA-2026:22140 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd:...

httpd:2.4 security update

An update is available for modhttp2, module.modmd, module.modhttp2, modmd, module.httpd, httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-41084 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-41084 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137559...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-41014 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-41014 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137573...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-40861 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-40861 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137558...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-45360 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-45360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137547...

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +138 more potentially affected by CVE-2026-46605 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =1.0.1, =0.2.2, =0.2.3 and more Source cves: CVE-2026-46605 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-17151899...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-48726 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-48726 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137510...

com.espertech:esperio-springjms (=9.0.0), io.fabric8.examples:fabric-activemq-demo (>=1.1.0.Beta1 <=1.2.0.redhat-133) +21 more potentially affected by CVE-2026-42588 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =1.1.0.Beta1, =1.1.0.Beta1, =1.1.0.Beta1, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 and more Source cves: CVE-2026-42588 Source advisory:...

org.apache.sshd:apache-sshd (>=3.0.0-M1 <=3.0.0-M3) potentially affected by CVE-2026-48827 via org.apache.sshd:sshd-git (>=3.0.0-M1 <=3.0.0-M3)

org.apache.sshd:sshd-git MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M3 Source cves: CVE-2026-48827 Source advisory: SNYK:JAVA-ORGAPACHESSHD-17151844...

CVE-2026-49328 Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...