Wednesday, April 29, 2026

Apache

Apache bRPC Vulnerability Enables Remote Service Crash

A critical vulnerability in Apache bRPC's Redis protocol parser has been identified that allows remote attackers to execute denial-of-service attacks against affected systems. The vulnerability, designated CVE-2025-54472, affects all versions of the industrial-grade RPC framework prior to version 1.14.1. Apache bRPC is a widely used C++...

New Release – Apache HTTP Server 2.4.64 Fixes 8 Critical Vulnerabilities

The Apache Software Foundation released Apache HTTP Server 2.4.64 on July 10, 2025, addressing eight significant security vulnerabilities that affected versions spanning from 2.4.0 through 2.4.63. This critical update resolves multiple attack vectors, including HTTP response splitting, server-side request forgery (SSRF), and denial-of-service...

Apache APISIX Vulnerability Enables Unauthorized Cross-Issuer Access via Misconfigurations

Apache APISIX, a popular open-source API gateway, has disclosed a critical security vulnerability affecting versions prior to 3.12.0 that could enable unauthorized cross-issuer authentication bypass. The vulnerability, CVE-2025-46647, discovered by security researcher Tiernan Messmer, specifically targets the OpenID Connect plugin when deployed in introspection...

Apache Seata Vulnerability Enables Deserialization of Malicious Data

A newly disclosed security vulnerability in Apache Seata, a distributed transaction solution, exposes applications to potential remote code execution through deserialization attacks. The vulnerability affects a significant range of versions and represents a correction to a previously reported security issue that had an incorrectly...

Critical Apache SeaTunnel Vulnerability Allows Unauthenticated Deserialization

A moderate-severity security vulnerability has been discovered in Apache SeaTunnel, a distributed data integration platform, affecting versions 2.3.1 through 2.3.10. The vulnerability enables unauthorized users to execute arbitrary file read operations and deserialization attacks through the platform's RESTful API, potentially compromising system security...

Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication and Launch DoS Attacks

Apache Tomcat, the widely used open-source Java servlet container, disclosed four security vulnerabilities on June 16, 2025, including two high-severity denial-of-service (DoS) vulnerabilities and a moderate-risk authentication bypass issue. The vulnerabilities affect all major Tomcat branches (versions 9.x, 10.x, and 11.x), potentially exposing millions...