VIR Vulnerability Intelligence Relay

Search

Found 873 results in 112ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-40563 high 8.1 8.1 apache 1mo ago Apache Atlas has a Code Injection Vulnerability
CVE-2026-33523 medium 6.5 6.5 FIX debian debian sleswindows windows apache 1mo ago HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are rec…
CVE-2026-33007 medium 5.3 5.3 FIX debian debian rhel sles apache 1mo ago A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. …
CVE-2026-33006 medium 4.8 4.8 FIX debian debian sleswindows windows apache 1mo ago A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes th…
CVE-2026-29169 high 7.5 7.5 FIX debian debian sleswindows windows apache 1mo ago A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav o…
CVE-2026-23918 high 8.8 9.8 EXPFIX debian debian sleswindows windows apache 1mo ago Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2026-34032 medium 5.3 5.3 FIX debian debian rhel sles apache 1mo ago Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which f…
CVE-2026-33857 medium 5.3 5.3 FIX debian debian rhel sles apache 1mo ago Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the…
CVE-2026-34059 high 7.5 7.5 FIX debian debian rhel sles apache 1mo ago Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
CVE-2026-24072 high 8.8 8.8 FIX debian debian sleswindows windows apache 1mo ago An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgra…
CVE-2026-42779 critical 9.8 9.8 apache 1mo ago Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)
CVE-2026-42778 critical 9.8 9.8 apache 1mo ago Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41409 Incomplete Fix)
CVE-2026-42404 high 7.2 7.2 apache 1mo ago Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API
CVE-2026-42403 high 7.5 7.5 apache 1mo ago Apache Neethi does not properly detect circular references in policy definitions.
CVE-2026-42402 high 7.5 7.5 apache 1mo ago Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
CVE-2026-41016 medium 5.9 5.9 apache 1mo ago apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider
CVE-2026-41873 critical 9.8 9.8 apache 1mo ago ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all …
CVE-2026-41636 high 7.5 7.5 FIX slesdebian debian apache 1mo ago Apache Thrift Node.js bindings vulnerable to Uncontrolled Recursion
CVE-2026-41607 medium 6.5 6.5 FIX slesdebian debian apache 1mo ago Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41606 medium 5.3 5.3 FIX slesdebian debian apache 1mo ago Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41605 high 7.3 7.3 FIX slesdebian debian apache 1mo ago Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41604 high 8.2 8.2 FIX slesdebian debian apache 1mo ago Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-41603 high 7.4 7.4 FIX slesdebian debian apache 1mo ago Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixe…
CVE-2026-41602 high 7.5 7.5 FIX slesdebian debian apache 1mo ago Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability
CVE-2025-48431 high 7.5 7.5 FIX debian debian apache 1mo ago Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, w…
CVE-2026-41081 medium 6.5 6.5 apache 1mo ago Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment
CVE-2026-40557 medium 4.8 4.8 apache 1mo ago Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
CVE-2026-33453 critical 10.0 10.0 apache 1mo ago Apache camel-coap allows header injection that can lead to remote code execution
CVE-2026-27172 high 8.8 8.8 apache 1mo ago Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
CVE-2026-41409 critical 9.8 9.8 FIX debian debian apache 1mo ago Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix)
CVE-2026-40858 high 8.8 8.8 apache 1mo ago Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data
CVE-2026-40022 high 8.2 8.2 apache 1mo ago Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel
CVE-2026-33454 critical 9.4 9.4 apache 1mo ago Apache Camel's Camel-Mail component is vulnerable to Camel message header injection
CVE-2026-41635 critical 9.8 9.8 debian debian apache 1mo ago Apache MINA vulnerable to Deserialization of Untrusted Data
CVE-2026-40860 critical 9.8 9.8 apache 1mo ago JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() …
CVE-2026-40473 high 8.8 8.8 apache 1mo ago Camel-MINA Vulnerable to Deserialization of Untrusted Data
CVE-2026-40453 critical 9.9 9.9 apache 1mo ago Apache Camel has an incomplete fix for CVE-2025-27636
CVE-2026-40048 high 7.8 7.8 apache 1mo ago Camel-PQC Vulnerable to Deserialization of Untrusted Data
CVE-2026-40542 high 7.3 7.3 FIX debian debian sles apache 1mo ago Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification
CVE-2026-40948 medium 5.4 5.4 apache 2mo ago The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An at…
CVE-2026-34479 high 7.5 7.5 FIX debian debian sles apache 2mo ago Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
CVE-2026-34477 medium 5.9 5.9 FIX debian debian sles apache 2mo ago Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
CVE-2026-39304 high 7.5 7.5 debian debian apache 2mo ago Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
CVE-2026-34486 high 7.5 7.5 FIX slesdebian debian apache 2mo ago Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.5…
CVE-2026-27446 critical 9.8 9.8 apache 3mo ago Apache Artemis and Apache ActiveMQ Artemis are Missing Authentication for Critical Functions
CVE-2025-55752 high 7.5 7.5 FIX rocky rhel sles apache 6mo ago Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the po…
CVE-2025-61795 medium 5.3 5.3 FIX slesdebian debian apache 7mo ago Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded …
CVE-2025-48989 high 7.5 7.5 FIX rhel rocky sles apache 10mo ago Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0…
CVE-2023-48795 medium 5.9 5.9 FIX rhel rockydebian debian apacheopenbsdputty 3y ago The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from…
CVE-2023-44487 high 7.5 10.0 KEVEXPFIX rocky rheldebian debian siemensietfnghttp2 3y ago Important: nghttp2 security update
CVE-2022-45047 critical 9.8 9.8 FIX debian debian apache 4y ago Unsafe deserialization in Apache MINA SSHD
CVE-2022-34169 high 7.5 7.5 FIX debian debian rhel sles apacheoraclenetapp 4y ago RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
CVE-2013-1909 medium 5.8 apache 4y ago The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al…
CVE-2022-23307 high 8.8 8.8 FIX debian debian sles rocky apacheqosoracle 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2022-23305 critical 9.8 9.8 FIX debian debian sles rocky apachenetappbroadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2022-23302 high 8.8 8.8 FIX debian debian sles rocky apachenetappbroadcom 4y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2021-44832 medium 6.6 6.6 FIX debian debian slesfedora fedora apacheoraclecisco 5y ago Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender wit…
CVE-2021-45105 medium 5.9 5.9 FIX debian debian sles apachenetappsonicwall 5y ago Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thre…
CVE-2021-4104 high 7.5 7.5 FIX debian debian sles rocky apacheredhatoracle 5y ago RHSA-2022:0290: parfait:0.5 security update (Important)
CVE-2017-12626 high 7.5 7.5 FIX debian debian apache 6y ago Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Me…
CVE-2020-9488 low 3.7 3.7 FIX debian debian sles oracleapacheqos 6y ago Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log mess…
CVE-2019-17571 critical 9.8 9.8 FIX debian debian slesubuntu ubuntu apachenetapporacle 7y ago Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ga…
CVE-2017-5641 critical 9.8 9.8 apachehp 9y ago Apache Flex BlazeDS unsafe deserialization
CVE-2017-15700 high 8.8 8.8 apache 9y ago Apache Sling Authentication Service vulnerability
CVE-2017-12630 medium 5.4 5.4 apache 9y ago Apache Drill vulnerable to Cross-site Scripting
CVE-2017-5663 high 8.8 8.8 apache 9y ago In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT que…
CVE-2014-3250 medium 6.5 6.5 FIX debian debian puppetapache 9y ago The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certi…
CVE-2017-15708 critical 9.8 9.8 apacheoracle 9y ago Remote Code Execution in Apache Synapse
CVE-2017-15707 medium 6.2 6.2 apachenetapporacle 9y ago Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
CVE-2017-15702 critical 9.8 9.8 apache 9y ago Apache Qpid Broker vulnerable to authentication port spoofing
CVE-2017-15701 high 7.5 7.5 apache 9y ago Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption
CVE-2017-12631 high 8.8 8.8 apache 9y ago Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
CVE-2017-3157 medium 5.5 5.5 FIX slesdebian debian rhel apache 9y ago By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrie…
CVE-2017-12608 high 7.8 7.8 FIX debian debian apache 9y ago A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory…
CVE-2017-12607 high 7.8 7.8 FIX debian debian apache 9y ago A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and appl…
CVE-2017-9806 high 7.8 7.8 FIX debian debian apache 9y ago A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory…
CVE-2016-6804 high 7.8 7.8 apache 9y ago The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated pr…
CVE-2014-0219 medium 5.5 5.5 apache 9y ago Improper Input Validation in Apache Karaf
CVE-2017-12634 critical 9.8 9.8 apache 9y ago Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
CVE-2017-12633 critical 9.8 9.8 apache 9y ago Apache Camel camel-hessian component vulnerable to Java object deserialization
CVE-2017-12636 high 7.2 8.2 EXPFIX arch arch sles apache 9y ago multiple issues in couchdb
CVE-2017-12635 critical 9.8 10.0 EXPFIX slesarch arch apache 9y ago multiple issues in couchdb
CVE-2017-12624 medium 5.5 5.5 apache 9y ago Improper Input Validation in Apache CXF
CVE-2017-3166 high 7.8 7.8 apache 9y ago Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
CVE-2016-6803 high 7.8 7.8 apache 9y ago An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan …
CVE-2017-12625 medium 4.3 4.3 apache 9y ago Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVE-2014-0073 critical 9.8 9.8 apache 9y ago The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 throug…
CVE-2014-0072 high 7.5 7.5 apache 9y ago ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9…
CVE-2013-4366 critical 9.8 9.8 FIX debian debian apache 9y ago Hostname verification in Apache HttpClient 4.3 was disabled by default
CVE-2012-5636 medium 6.1 6.1 apache 9y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vector…
CVE-2012-4449 critical 9.8 9.8 apache 9y ago Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
CVE-2014-0115 high 7.5 7.5 apache 9y ago Apache Storm log viewer path traversal vulnerability
CVE-2012-0881 high 7.5 7.5 debian debian apache 9y ago Denial of service in Apache Xerces2
CVE-2009-1198 medium 6.1 6.1 apache 9y ago Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
CVE-2009-1197 medium 5.3 5.3 apache 9y ago Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
CVE-2016-3090 high 8.8 8.8 apache 9y ago Apache Struts RCE Vulnerability
CVE-2015-3249 critical 9.8 9.8 FIX debian debian apache 9y ago The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary …
CVE-2015-0226 high 7.5 7.5 FIX debian debian apache 9y ago Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
CVE-2015-0224 high 7.5 7.5 apache 9y ago qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplet…
CVE-2014-3624 critical 9.8 9.8 FIX debian debian apache 9y ago Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.