Category: Apache

  • Apache ZooKeeper Vulnerability Allow Attackers to Access Sensitive Data

    Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These newly discovered flaws could allow attackers to access sensitive configuration data or bypass hostname verification to impersonate trusted…

  • Apache NiFi Vulnerability Enables Authorization Bypass

    A newly disclosed high-severity vulnerability in Apache NiFi exposes systems to an authorization bypass that could allow lower-privileged users to modify restricted components. Tracked as CVE-2026-25903, the flaw impacts Apache NiFi versions 1.1.0 through 2.7.2 and has been fixed in version 2.8.0. According to the Apache NiFi security advisory, the issue arises from missing…

  • Apache Hadoop Vulnerability Exposes Systems Potential Crashes or Data Corruption

    A moderate-severity vulnerability in the Hadoop Distributed File System (HDFS) native client could allow attackers to trigger system crashes or corrupt critical data through maliciously crafted URI inputs. The vulnerability, tracked as CVE-2025-27821, affects Apache Hadoop versions 3.2.0 through 3.4.1. Stems from an out-of-bounds write…

  • Apache NuttX Vulnerability Let Attackers to Crash Systems

    A newly disclosed use-after-free vulnerability in Apache NuttX RTOS could allow attackers to cause system crashes and unintended filesystem operations, prompting urgent security warnings for users running network-exposed services. The flaw, tracked as CVE-2025-48769 and rated moderate in severity, affects a wide range of NuttX versions and…

  • Critical Apache StreamPipes Vulnerability Let Attackers Seize Admin Control

    A security patch addressing a critical privilege escalation vulnerability that allows unauthorized users to gain administrative access to the data streaming platform. The flaw, tracked as CVE-2025-47411 and rated important, affects Apache StreamPipes versions 0.69.0 through 0.97.0. The vulnerability stems from a flawed user ID creation…

  • Apache SeaTunnel Vulnerability Allows Unauthorized Users to Perform Deserialization Attack

    Apache SeaTunnel, the widely used distributed data integration platform, has disclosed a significant security vulnerability that enables unauthorized users to execute arbitrary file read operations and deserialization attacks through its RESTful API interface. The vulnerability, tracked as CVE-2025-32896 and reported on April 12, 2025, affects…

  • Apache Traffic Server Vulnerability Let Attackers Trigger DoS Attack via Memory Exhaustion

    A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) attacks through memory exhaustion. The vulnerability, tracked as CVE-2025-49763, affects the Edge Side Includes (ESI) plugin and poses significant risks to organizations running affected…

  • Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

    A critical security vulnerability (CVE-2025-29953) in Apache ActiveMQ’s NMS OpenWire Client has been disclosed, enabling remote attackers to execute arbitrary code on vulnerable systems. The flaw, rooted in unsafe deserialization of untrusted data, affects versions prior to 2.1.1 and poses significant risks to organizations using…

  • Apache Traffic Server Vulnerability Let Attackers Smuggle Requests

    A critical security vulnerability in Apache Traffic Server (ATS) has been discovered. By exploiting how the server processes chunked messages, attackers can perform request smuggling attacks. The vulnerability, tracked as CVE-2024-53868, affects multiple versions of this high-performance HTTP proxy server and requires system administrators’ immediate attention. According…

  • Critical Apache Ignite Vulnerability Let Attackers Execute Remote Code 

    A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) attacks due to improper enforcement of class serialization filters. Rated CVSS 9.8, this flaw affects Ignite versions 2.6.0 through 2.16.x, enabling attackers to execute arbitrary code by exploiting deserialization weaknesses…