The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files.
The post Critical Apache Tika Vulnerability Leads to XXE Injection appeared first on SecurityWeek.
Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
The post Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum appeared first on SecurityWeek.
Organizations are being warned of a newly discovered Apache OFBiz vulnerability as exploitation of another recent flaw is observed.
The post Apache OFBiz Users Warned of New and Exploited Vulnerabilities appeared first on SecurityWeek.
CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.
The post CISA Warns of Apache Superset Vulnerability Exploitation appeared first on SecurityWeek.
Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070.
The post Critical Apache OFBiz Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
Attackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code.
The post Recent Apache Struts 2 Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
Apache has addressed a critical-severity Struts 2 file upload vulnerability that could lead to remote code execution.
The post Apache Patches Critical RCE Vulnerability in Struts 2 appeared first on SecurityWeek.
Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations.
The post Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks appeared first on SecurityWeek.
Attackers can exploit Apache Superset installations with default configurations to gain administrator access and execute code on servers and databases.
The post Organizations Warned of Security Risk in Default Apache Superset Configurations appeared first on SecurityWeek.