Apache

A remote, anonymous attacker can exploit a vulnerability in Apache Tomcat to bypass security measures.

A public exploit has been released for CVE-2019-0227, a Server-Side Request Forgery vulnerability in Apache Axis 1.4 and earlier, allowing unauthenticated remote command execution when `enableRemoteAdmin` is true via deployment of a malicious webservice and webshell.

A local attacker can exploit a vulnerability in Apache Cassandra to execute arbitrary program code, potentially leading to complete system compromise.

A remote, authenticated attacker can exploit multiple vulnerabilities in Apache Airflow Providers OpenSearch and Elasticsearch to disclose sensitive information.

A vulnerability in Apache HTTP Server's HTTP/2 protocol can lead to denial of service by crashing worker processes, and in specific configurations (APR with mmap), remote code execution.

Multiple vulnerabilities in Apache HTTP Server can be exploited by an attacker to gain elevated privileges, execute arbitrary code, bypass security measures, disclose sensitive information, or cause a denial-of-service condition.

Multiple vulnerabilities in Apache HTTP Server versions prior to 2.4.67 can allow remote attackers to execute arbitrary code, escalate privileges, or cause a denial of service.

An authenticated remote attacker can exploit multiple vulnerabilities in Apache ActiveMQ to execute arbitrary program code or perform cross-site scripting attacks.

A remote attacker can exploit multiple vulnerabilities in Apache Traffic Server to conduct a denial of service or request smuggling attack.

A remote, anonymous attacker can exploit a vulnerability in Apache Commons FileUpload to perform a denial of service attack.

Critical vulnerabilities, CVE-2026-27636 and CVE-2026-27637, exist in FreeScout Help Desk that could be exploited to achieve remote code execution, potentially leading to data exfiltration and system compromise.