Apache

A significant vulnerability has been discovered in Apache ActiveMQ, the widely used open-source message broker.  The flaw, officially tracked as CVE-2025-27533, enables remote attackers to trigger a Denial of Service (DoS) condition by exploiting improper...

A proof-of-concept (PoC) exploit tool has been publicly released for a maximum severity vulnerability in Apache Parquet, enabling security teams to easily identify affected servers.  The vulnerability, tracked as CVE-2025-30065 with a CVSS score of...

A new critical security vulnerability in Apache Parquet Java has been disclosed that could allow attackers to execute arbitrary code through specially crafted Parquet files.  The vulnerability, tracked as CVE-2025-46762, affects all versions of Apache...

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-38475, a critical vulnerability affecting Apache HTTP Server, to its Known Exploited Vulnerabilities (KEV) catalog.  This vulnerability allows attackers to map URLs to unintended filesystem locations,...

A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems. The flaw, rooted in unsafe deserialization of untrusted data, affects versions...

The Apache Software Foundation disclosed a significant security vulnerability in Apache Tomcat that could allow attackers to bypass security rules and trigger denial-of-service conditions through manipulated HTTP priority headers.  Identified as CVE-2025-31650, this high-severity vulnerability...

A significant security vulnerability in Apache's mod_auth_openidc module has been discovered that could allow unauthorized access to protected web resources.  The flaw, tracked as CVE-2025-31492 and rated 8.2 on the CVSSv4 scale, affects widely deployed...

A critical remote code execution (RCE) vulnerability has been discovered in Apache Parquet's Java library, potentially affecting thousands of data analytics systems worldwide.  The flaw, identified as CVE-2025-30065, carries the highest possible CVSS score of...

A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks.  The vulnerability, tracked as CVE-2024-53868, affects multiple versions of...

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Apache Tomcat vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation in the wild.  The vulnerability, tracked as CVE-2025-24813, allows...