Apache APISIX, a popular open-source API gateway, has disclosed a critical security vulnerability affecting versions prior to 3.12.0 that could enable unauthorized cross-issuer authentication bypass.
The vulnerability, CVE-2025-46647 discovered by security researcher Tiernan Messmer, specifically targets the OpenID Connect plugin when deployed in introspection...
A newly disclosed security vulnerability in Apache Seata, a distributed transaction solution, exposes applications to potential remote code execution through deserialization attacks.
The vulnerability affects a significant range of versions and represents a correction to a previously reported security issue that had an incorrectly...
A moderate-severity security vulnerability has been discovered in Apache SeaTunnel, a distributed data integration platform, affecting versions 2.3.1 through 2.3.10.
The vulnerability enables unauthorized users to execute arbitrary file read operations and deserialization attacks through the platform's RESTful API, potentially compromising system security...