CVE-2025-24859 - Apache Roller Session Invalidation Flaw Explained (with Example & Exploit Details)
A new security vulnerability has been found in the Apache Roller blog server, tracked as CVE-2025-24859. Before version 6.1.5, Roller failed to invalidate
CVE-2025-31672 - Improper Input Validation in Apache POI Leaves OOXML Parsing at Risk
Apache POI is one of the most popular open-source libraries for handling Microsoft Office file formats in Java, especially for reading and writing .xlsx, .docx,
CVE-2025-30473 - SQL Injection Flaw in Apache Airflow Common SQL Provider Can Lead to Privilege Escalation
A new security vulnerability, CVE-2025-30473, was discovered in the Apache Airflow Common SQL Provider (versions before 1.24.1). This flaw allows authenticated users to
CVE-2025-31492 - How mod_auth_openidc Leaked Protected Content to Unauthenticated Users
mod_auth_openidc is a popular OpenID Connect (OIDC) module for Apache 2.x servers, providing enterprise-ready authentication and single sign-on. In April 2025, a
CVE-2024-53868 - Apache Traffic Server Chunked Request Smuggling Made Easy
A new security hole, CVE-2024-53868, has been found in Apache Traffic Server (ATS). This bug allows attackers to sneak harmful HTTP requests through your proxy—