Lucene search

61051 matches found

OSV
added 2025/09/26 1:9 p.m. | 3 views

OESA-2025-2345 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

CVSS 5.5 | AI score 6.5 | EPSS 0.00271
Exploits 0 | References 2

vulnersOsv
added 2025/09/26 9:31 a.m. | 0 views

apache-airflow (>=3.0.3 <=3.0.3rc6), apache-airflow-task-sdk (=1.0.3) potentially affected by CVE-2025-54831 via apache-airflow-core (>=3.0.3 <=3.0.3rc6)

apache-airflow-core PYPI version =3.0.3, =3.0.3, =3.0.3rc6 - apache-airflow-task-sdk =1.0.3 Source cves: CVE-2025-54831 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-13053589...

CVSS 6.5 | AI score 7.4 | EPSS 0.00882
Exploits 0

vulnersOsv
added 2025/09/26 8:15 a.m. | 1 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +246 more potentially affected by CVE-2025-54831 via apache-airflow (>=1.10.1 <=3.0.2)

apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =1.4.0 and more Source cves: CVE-2025-54831 Source advisory: OSV:PYSEC-2025-85...

CVSS 6.5 | AI score 8 | EPSS 0.00882
Exploits 0

IBM Security Bulletins
added 2025/09/26 8:4 a.m. | 10 views

Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-48924)

Summary There is a vulnerability in Apache Commons Lang used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability...

CVSS 5.3 | AI score 6.3 | EPSS 0.02164
Exploits 0 | Affected Software 1

Cvelist
added 2025/09/26 7:28 a.m. | 8 views

CVE-2025-54831 Apache Airflow: Connection sensitive details exposed to users with READ permissions

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

EPSS 0.00882
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39520

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.0.3 Description A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3, this...

CVSS 8.7 | AI score 6.3 | EPSS 0.00882
Exploits 0 | References 16

Positive Technologies
added 2025/09/26 12:0 a.m. | 2 views

PT-2025-39766

CVE-2025-60026 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-60026 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.9
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 2 views

PT-2025-39768

CVE-2025-60027 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-60027 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

AI score 6.4
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39771

CVE-2025-60030 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-60030 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.4
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39769

CVE-2025-60028 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-60028 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

AI score 6.4
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39780

CVE-2025-60032 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-60032 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.4
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39781

CVE-2025-60033 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-60033 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.4
Exploits 0 | References 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 3 views

PT-2025-39779

CVE-2025-60031 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-60031 Published : Sept. 26, 2025, 3:15 a.m. | 4 hours, 8 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 6.4
Exploits 0 | References 1

IBM Security Bulletins
added 2025/09/25 11:51 a.m. | 19 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerabilities in Apache Tomcat have been identified that affect IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerabilities have been addressed. Refer to details for additional information...

CVSS 10 | AI score 8.1 | EPSS 0.99945
Exploits 59 | Affected Software 3

RedhatCVE
added 2025/09/25 8:41 a.m. | 15 views

CVE-2025-48392

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue...

CVSS 7.5 | AI score 6.9 | EPSS 0.00545
Exploits 0 | References 1

RedHat Linux
added 2025/09/25 12:9 a.m. | 5 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVSS 7.5 | AI score 7.1 | EPSS 0.91327
Exploits 2 | References 7

RedHat Linux
added 2025/09/25 12:9 a.m. | 3 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8 | AI score 7.6 | EPSS 0.01461
Exploits 1 | References 8

RedHat Linux
added 2025/09/25 12:9 a.m. | 6 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

CVSS 7.5 | AI score 7.1 | EPSS 0.91327
Exploits 2 | References 7

Wolfi
added 2025/09/24 8:47 p.m. | 7 views

GHSA-8PJC-487G-W6P2 vulnerabilities

Vulnerabilities for packages: helm-push, knative-serving, nri-f5, nri-memcached, nuclei, rabbitmq-default-user-credential-updater, harbor, argo-events, undock, kpt, chart-testing, cloud-provider-gcp-cloud-controller-manager, fulcio, kubernetes-csi-external-health-monitor, eksctl, timescaledb-tune...

AI score 5.2
Exploits 0

F5 Networks
added 2025/09/24 4:14 p.m. | 5 views

K000156612: Apache Tomcat vulnerability CVE-2025-55668

Security Advisory Description Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgra...

CVSS 6.5 | AI score 7 | EPSS 0.00775
Exploits 0