Apache Parquet Java – Potential malicious code execution from trusted packages (CVE-2025-46762)
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.
Read MoreApache
Apache ActiveMQ NMS Body Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-29953)
CVE-2025-29953 – This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache ActiveMQ NMS.
Read MoreApache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability (CVE-2024-56325)
CVE-2024-56325 vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot.
Read More
Apache Arrow R package – Arbitrary code execution when loading a malicious data file [CVE-2024-52338]
CVE number = CVE-2024-52338 Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0
Read MoreApache OFBiz resolveURI Authentication Bypass Vulnerability [CVE-2024-38856]
CVE number = CVE-2024-38856 CVSS score = 9.8 This vulnerability allows remote attackers to bypass authentication on affected installations of
Read More
Apache OFBiz createRegister Error Message Information Disclosure Vulnerability [CVE-2024-23946]
CVE number = CVE-2024-23946 This vulnerability in Apache OFBiz allows remote attackers to disclose sensitive information on affected installations of
Read More
Remote code execution vulnerability found in Apache Struts 2 [CVE-2023-50164]
Apache has issued a warning to its users regarding a critical remote code execution (RCE) vulnerability found in its widely-used
Read MoreApache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability [CVE-2022-40146]
CVE number – CVE-2022-40146 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Batik. Interaction
Read MoreApache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability [CVE-2022-38398]
CVE number = CVE-2022-38398 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Batik. Interaction
Read More
Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability [CVE-2022-22721]
CVE number – CVE-2022-22721 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server.
Read More