596 matches found
Apache Tika < 1.1.8 - Header Command Injection
Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. i...
Apache Tika - XML External Entity Injection
Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely; exploitation requires crafted PDF input. id: CVE-2025-66516 info: nam...
Ubuntu 20.04 LTS / 22.04 LTS : Apache Tika vulnerabilities (USN-8324-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8324-1 advisory. It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibl...
USN-8324-1: Apache Tika vulnerabilities
It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...
USN-8324-1 tika vulnerabilities
It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...
ai.stainless:grails-tika (=0.1.0), app.dassana:rule-engine (>=1.6.8 <=1.10.1) +1303 more potentially affected by CVE-2026-44242 via io.micronaut:micronaut-inject (>=1.0.0 <=4.10.21)
io.micronaut:micronaut-inject MAVEN version =1.0.0, =1.6.8, =1.4.0, =1.1.0, =0.3.8, =0.8.0, =0.9.1, =1.4.0, =2.0.8-micronaut-1.0, =1.3.7.6, =1.3.7.6, =1.7.3-micronaut-1.0, =1.6.2-micronaut-1.0, =2.0.0-micronaut-1.0, =2.2.2-micronaut-3.0 and more Source cves: CVE-2026-44242 Source advisory:...
com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-41081 via org.apache.storm:storm-client (>=2.0.0 <=2.8.6)
org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.6 and more Source cves: CVE-2026-41081 Source advisory: OSV:GHSA-J2Q8-XX3Q-8FQH...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers (CVE-2025-54988, CVE-2025-66516, CVE-2025-66516)
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers CVE-2025-54988, CVE-2025-66516, CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika...
ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +683 more potentially affected by CVE-2026-41245 via com.github.junrar:junrar (>=0.7 <=7.5.1)
com.github.junrar:junrar MAVEN version =0.7, =1.2.0, =3.6.1, =3.11.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.4 and more Source cves: CVE-2026-41245 Source advisory: OSV:GHSA-HF5P-Q87M-CRJ7...
GHSA-3PXV-7CMR-FJR4 vulnerabilities
Vulnerabilities for packages: airflow, apache-pulsar, druid, spark-kubernetes-operator-fips, apache-tika-fips, commercial-elasticsearch, opensearch, apache-activemq-fips, strimzi-kafka-operator, celeborn, flink, apache-tika, spark-fips, opensearch-fips, kserve-modelmesh, zipkin, spark,...
CVE-2026-34480 vulnerabilities
Vulnerabilities for packages: airflow, apache-pulsar, druid, spark-kubernetes-operator-fips, apache-tika-fips, commercial-elasticsearch, opensearch, apache-activemq-fips, strimzi-kafka-operator, celeborn, flink, apache-tika, spark-fips, opensearch-fips, kserve-modelmesh, zipkin, spark,...
Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability
Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika
Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...
ROOT-APP-MAVEN-CVE-2025-66516 CVE-2025-66516 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root
Root has patched CVE-2025-66516 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-54988 CVE-2025-54988 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root
Root has patched CVE-2025-54988 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2025-59031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted...
EUVD-2025-209090
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently end up in FTS indexes. Do not use the provided...
CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently end up in FTS indexes. Do not use the provided...
ALPINE-CVE-2025-59031
Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently end up in FTS indexes. Do not use the provided...