Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE...
Apache
6 articles
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv e...
[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution
Apache HertzBeat 1.8.
Apache fixes critical HTTP/2 vulnerability allowing remote code execution
The vulnerability, identified as CVE-2026-23918 with a CVSS score of 8.8, is a double-free error within the HTTP/2 implementation.
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnera...
Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic