Apache News Articles
Recent news articles referencing the vendor's vulnerabilities.
Critical Vulnerability in Apache Roller
Apache Software Foundation has released updates addressing a critical vulnerability affecting their Apache Roller. Users and administrators of the affected...
3 days ago
Max Severity Bug in Apache Roller Enabled Persistent Access
The remediated flaw gave adversaries a way to maintain access to the app through password resets.
3 days ago
Critical Apache Roller flaw allows to retain unauthorized access even after a password change
A critical flaw (CVE-2025-24859) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected
3 days ago

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
Apache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.
3 days ago

Apache Roller Vulnerability Allows Hackers to Bypass Access Controls
A newly disclosed vulnerability in Apache Roller, the popular open-source blog server, could allow attackers to bypass critical access controls.
4 days ago

Apache Roller Flaw Exposes Systems to Unauthorized Access
This flaw, present in all versions from 1.0.0 up to 6.1.4, allows active user sessions to persist even after a password change, exposing blog sites.
4 days ago

Open Source Security Mailing List
SecLists.org archive for the Open Source Security mailing list: Discussion of security flaws, concepts, and practices in the Open Source community
2 weeks ago
President Trump fires the head of NSA and Cyber Command.
Patch issued for maximum severity flaw affecting Apache Parquet. China-linked threat actor exploits Ivanti Connect Secure vulnerability.
2 weeks ago

Critical Apache Parquet Vulnerability Allows Remote Code Execution
A severe vulnerability has been identified in the Apache Parquet Java library, specifically within its parquet-avro module.
2 weeks ago

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
Apache Parquet flaw CVE-2025-30065 enables remote code execution from crafted files, risking data pipelines.
2 weeks ago
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
2 weeks ago
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.
2 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation
2 weeks ago

CISA Alerts on Active Exploitation of Apache Tomcat Vulnerability
CISA has issued a high-priority alert regarding the active exploitation of CVE-2025-24813, a critical vulnerability within Apache Tomcat.
2 weeks ago

Apache Tomcat Vulnerability Exploited to Execute Malicious Arbitrary Code on Servers
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers.
3 weeks ago
Apache Tomcat: CVE-2025-24813: Active Exploitation
Learn about CVE-2025-24813 affecting Apache Tomcat products. Patch now to prevent remote code execution.
3 weeks ago

Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers
A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers.
3 weeks ago

Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC
A critical Apache Tomcat vulnerability (CVE-2025-24813) was exploited 30 hours after disclosure. Vulnerable versions were downloaded 100K times post-PoC.
3 weeks ago
Critical Vulnerability in Apache Tomcat Software
The Apache Software Foundation has released updates addressing a critical vulnerability which affects their Apache Tomcat software. Users and administrators ...
4 weeks ago
Critical Apache Tomcat RCE vulnerability exploited
Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise.
4 weeks ago

CVE-2025-24813: Apache Tomcat RCE Vulnerability Analysis - CYFIRMA
Published On : 2025-03-21 EXECUTIVE SUMMARY CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability in Apache Tomcat, stemming from a path equivalence flaw that allows attackers to...
4 weeks ago

Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now
A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813.
1 month ago

Recent Apache Tomcat RCE Vulnerabilities
There has been a recent string of media-hyped open-source component vulnerabilities in Apache Tomcat over the last several weeks. One of these (CVE-2025-24813) is receiving heightened scrutiny because it is...
1 month ago

CERT NZ Shares Advisory For Apache Tomcat Vulnerability
The New Zealand Computer Emergency Response Team (CERT NZ) has shared security advisory for Apache Tomcat Vulnerability CVE-2025-24813.
1 month ago
Apache Tomcat flaw actively exploited; could allow 'devastating' RCE
Remote code execution may be achieved on vulnerable servers with a single PUT API request.
'Dead simple' RCE exploit in Apache Tomcat under attack
A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure. The vulnerability is CVE-2025-24813, and...
Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum
Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
Apache Tomcat RCE Vulnerability Under Fire With Exploit
The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Apache Tomcat flaw CVE-2025-24813 is under active exploitation, enabling remote code execution via PUT requests.

oss-sec: CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters
oss-sec mailing list archives From: Andrea Cosentino <acosentino () apache org> Date: Wed, 12 Mar 2025 14:06:47 +0000 Severity: important Affected versions: - Apache Camel 4.10.0 before 4.10.2 -...
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.

Tomcat Vulnerability Exploited in the Wild to Take Over Apache Tomcat Servers
A critical remote code execution vulnerability in Apache Tomcat (CVE-2025-24813) is actively being exploited in the wild, enabling attackers to take complete control of vulnerable servers.

Hackers Exploit Tomcat Vulnerability to Hijack Apache Servers
A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache Tomcat, identified as CVE-2025-24813.

Apache Camel Vulnerability Allows Attackers to Inject Arbitrary Headers
A newly disclosed security vulnerability in Apache Camel, tracked as CVE-2025-27636, has raised alarms across the cybersecurity community.

Apache Camel RCE Vulnerability PoC Exploit Released in GitHub
A Proof of Concept (PoC) exploit for the Apache Camel vulnerability CVE-2025-27636 has been released on GitHub.
Critical Apache Tomcat Vulnerability Discovered: Immediate Patching Required
A serious security vulnerability has been identified in Apache Tomcat, potentially exposing servers to remote code execution (RCE), information disclosure, and data corruption. The vulnerability, designated...
New Apache Traffic Server Flaws Allow Malformed Request Exploits
The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software.
Apache Patches Critical Remote Code Execution Vulnerability in Tomcat
The Apache Software Foundation has issued an urgent security advisory regarding a critical remote code execution (RCE) vulnerability in Apache Tomcat, now tracked as CVE-2024-56337. This security flaw, which...

Apache CXF Vulnerability Triggers DoS Attack
Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services.

Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387
What is CVE-2024-45387? CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL c...

The Cyber Security Agency Of Singapore Alerts CVE-2024-43441
The Cyber Security Agency of Singapore warns of CVE-2024-43441 and other Apache vulnerabilities, urging users to update as soon as possible.

Open Source Security at Databricks
The Databricks Product Security team is deeply committed to ensuring the security and integrity of its products, which are built on top of and integrated with a variety of open source projects. Recognizing...

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
Critical Apache MINA flaw CVE-2024-52046 with CVSS 10.0 enables RCE via serialization flaws. Patch required.

Apache HugeGraph-Server Vulnerability Lets Attackers Bypass Authentication
A new security vulnerability, CVE-2024-43441, has been identified in Apache HugeGraph-Server, a widely used open-source graph database system.

Apache MINA Vulnerability Let Attackers Execute Remote Code
A new critical vulnerability (CVE-2024-52046) has been discovered in Apache MINA, potentially allowing attackers to execute remote code.
Apache fixed a critical SQL Injection in Apache Traffic Control
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control.
DevOps/SRE Blog Scanner and News Feed
Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users. Ruijie cloud flaws risk 50,000 devices; Open Sesame bypasses MQTT. Patches issued...

CVE-2024-45387 Critical Bug in Apache Traffic Control
CVE-2024-45387 represents a significant security concern within the Traffic Ops component of Apache Traffic Control, specifically impacting versions The heart of this vulnerability is an SQL injection flaw. Essentially, it allows a privileged user—such as those with roles like admin, federation, ope...