Apache

A significant security vulnerability in Apache's mod_auth_openidc module has been discovered that could allow unauthorized access to protected web resources.  The flaw, tracked as CVE-2025-31492 and rated 8.2 on the CVSSv4 scale, affects widely deployed...

A critical remote code execution (RCE) vulnerability has been discovered in Apache Parquet's Java library, potentially affecting thousands of data analytics systems worldwide.  The flaw, identified as CVE-2025-30065, carries the highest possible CVSS score of...

A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks.  The vulnerability, tracked as CVE-2024-53868, affects multiple versions of...

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Apache Tomcat vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation in the wild.  The vulnerability, tracked as CVE-2025-24813, allows...

Threat actors actively exploit a critical vulnerability in Apache Tomcat, tracked as CVE-2025-24813, which could enable unauthorized remote code execution (RCE) on vulnerable servers.  The vulnerability, first disclosed on March 10, 2025, has already seen...

A significant security vulnerability has been identified in Apache NiFi, allowing potential attackers with specific access privileges to expose MongoDB authentication credentials.  The vulnerability, tracked as CVE-2025-27017 (NIFI-14272), affects multiple versions of the Apache NiFi...

A critical security flaw in Apache Camel's header validation mechanism allows attackers to execute arbitrary system commands by exploiting case-sensitive header injection.  A POC released for CVE-2025-27636, this vulnerability impacts Apache Camel versions 4.10.0-4.10.1, 4.8.0-4.8.4,...

A critical security vulnerability (CVE-2024-56325) in Apache Pinot, the open-source distributed OLAP datastore used by LinkedIn, Uber, and Microsoft for real-time analytics, allows unauthenticated attackers to bypass authentication controls and gain full system access.  Rated...

A critical security vulnerability in Apache Tomcat (CVE-2025-24813) has exposed servers to remote code execution (RCE), information disclosure, and data corruption risks.  The flaw, rooted in improper handling of partial HTTP PUT requests, affects Tomcat...

The Apache Software Foundation has issued urgent patches for multiple high-severity vulnerabilities in Apache Traffic Server (ATS), its enterprise-grade caching proxy server. Four distinct flaws (CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202) enable threat actors to...