Apache Druid - Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...

GHSA-G8M3-5G58-FQ7M undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens: -...

EUVD-2026-37747

undici WebSocket client vulnerable to denial of service via fragment count bypass...

PT-2026-50512

Name of the Vulnerable Software and Affected Versions undici versions prior to 6.26.0 undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The HTTP/1.1 client is subject to response queue poisoning when keep-alive sockets are reused. An attacker-controlled upstream server ca...

Hitachi Energy RTU500 Infinite Loop (CVE-2026-32777)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Regular Expression Denial of Service.

Summary picomatch-2.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33671, CVE-2026-33672. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression...

TYPO3 CMS has Broken Access Control in Backend API

Problem Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LT...

CVE-2026-50634

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

EUVD-2026-36401

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...

CVE-2026-50632 Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

EUVD-2026-36399

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or...

CVE-2026-50630

The CVE-2026-50630 issue affects Apache CXF’s OAuth2 implementation, where the AuthorizationUtils class concatenates the realm parameter into the WWW-Authenticate header without sanitizing CR/LF characters. This can enable header injection or HTTP response splitting if an attacker controls the re...

CVE-2026-50629 Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

PT-2026-48849

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

PT-2026-48844

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description The EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the required JAXP hardening configurations. This allows for...

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java not consistently wiring configured Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, replay protections...

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2026-2299)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the fil...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade Microsoft.NetCore.App.Runtime.osx-x...