Tuesday, December 30, 2025
Apache

Over 500 Apache Tika Toolkit Instances Exposed To Critical XXE Vulnerability

Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for content analysis and extraction. CVE-2025-66516 has a perfect CVSS score of 10.0, indicating it is critical. Disclosed on December 4, 2025, by the Apache Software Foundation, the vulnerability exposes...

Critical Flaw In Apache Tika Core Enables Exploitation Through Malicious PDF Files

A critical XML External Entity (XXE) vulnerability in Apache Tika, tracked as CVE-2025-66516, exposes users to attacks through specially crafted PDF files containing XFA content. Disclosed on December 4, 2025, by Apache security team member Tim Allison, this flaw affects core parsing modules across...

Critical Apache Struts Vulnerability Lets Hackers Overwhelm System Storage

A new denial-of-service vulnerability in Apache Struts exposes web applications to disk exhaustion attacks, in which hackers flood servers with temporary files until storage runs out. Tracked as CVE-2025-64775, the flaw affects multiple versions of the popular Java web framework. It carries an "Important"...

Critical Flaw In Apache bRPC Framework Allows Remote Server Crash Exploits

Apache bRPC versions before 1.15.0 are vulnerable to a critical remote denial-of-service flaw that allows attackers to crash servers by exploiting uncontrolled recursion in the json2pb component. The vulnerability, tracked as CVE-2025-59789 and discovered by Tyler Zars, affects all platforms running vulnerable versions of...

Vulnerability In Apache SkyWalking Exposes Users To Potential XSS Exploits

Apache SkyWalking, a popular open-source tool for application performance monitoring, faces a stored cross-site scripting vulnerability tracked as CVE-2025-54057. This flaw affects versions up to 10.2.0 and allows attackers to inject malicious scripts into web interfaces, potentially compromising user sessions and data. The Apache...

Multiple Vulnerabilities In Apache OpenOffice Result In Memory Corruption and Unauthorized Content Loading

Apache OpenOffice, a widely used open-source office suite, has long been a target for security researchers due to its robust feature set and legacy codebase. The latest security bulletin from the Apache OpenOffice Security Team reveals multiple critical vulnerabilities fixed in version 4.1.16, primarily...