PT-2025-48429
Name of the Vulnerable Software and Affected Versions: Apache bRPC versions prior to 1.15.0. Description: An issue exists in the json2pb component of Apache bRPC that can lead to a server crash. This occurs when processing deeply recursive JSON data received from a remote attacker. The root cause is...
Privilege Defined With Unsafe Actions
org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...
Atlassian Confluence 2.0 < 8.5.24 / 8.6.x < 9.2.6 / 9.3.x < 9.5.2 / 10.0.x < 10.0.3 RCE (CONFSERVER-100795)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-100795 advisory. - Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...
Atlassian Jira Service Management Data Center and Server 5.12.x < 5.12.26 / 5.13.x < 10.3.9 / 10.4.x < 10.7.3 / 11.0.x < 11.0.1 DoS (JSDSERVER-16369)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16369 advisory. - Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not...
PT-2025-38621
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.7.0. Description: A flaw exists in Apache Linkis when utilizing the JDBC engine and data source functionality. Multiple rounds of URL encoding applied to the URL parameter configured on the frontend can...
PT-2025-38643
CVE-2025-59673 - Apache Struts Cross-Site Scripting. CVE ID: CVE-2025-59673. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-38642
CVE-2025-59672 - Apache HTTP Server Command Injection. CVE ID: CVE-2025-59672. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-38641
CVE-2025-59671 - Apache HTTP Server Cross-Site Request Forgery. CVE ID: CVE-2025-59671. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...
PT-2025-38652
CVE-2025-59676 - Apache HTTP Server Unvalidated User Input. CVE ID: CVE-2025-59676. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-38653
CVE-2025-59677 - Apache HTTP Server Untrusted User Input. CVE ID: CVE-2025-59677. Published: Sept. 19, 2025, 3:15 a.m. | 1 hour, 50 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.304. Vulnerability Details: CVEID: CVE-2025-8194. DESCRIPTION: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration...
[SECURITY] Fedora 42 Update: lemonldap-ng-2.21.3-1.fc42
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
CVE-2025-59328
A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, consumes an excessive amount of CPU resources during...
CVE-2025-40933
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
GHSA-8V5Q-RHF3-JPHM vulnerabilities
Vulnerabilities for packages: jenkins, thingsboard, apache-nifi-registry, apache-nifi...
CVE-2025-41248 vulnerabilities
Vulnerabilities for packages: jenkins, thingsboard, apache-nifi-registry, apache-nifi...
CVE-2025-40933 Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is...
CVE-2025-41249 vulnerabilities
Vulnerabilities for packages: camunda-zeebe, keycloak-config-cli, apache-activemq-fips, nacos-docker, apache-activemq, apache-hop-fips, jenkins, apache-nifi, apache-nifi-registry, zipkin, nacos, thingsboard, apache-hop...
GHSA-8V5Q-RHF3-JPHM vulnerabilities
Vulnerabilities for packages: nacos-docker, jenkins, apache-nifi-registry, apache-nifi, nacos, thingsboard...
GHSA-JMP9-X22R-554X vulnerabilities
Vulnerabilities for packages: camunda-zeebe, keycloak-config-cli, apache-activemq-fips, nacos-docker, apache-activemq, apache-hop-fips, jenkins, apache-nifi, apache-nifi-registry, zipkin, nacos, thingsboard, apache-hop...