| CVE-2026-34480 | Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters | Apache Software Foundation | Apache Log4j Core | - | - | 2026-04-10 15:42:04 | Deep Dive |
| CVE-2026-34479 | Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters | Apache Software Foundation | Apache Log4j 1 to Log4j 2 bridge | - | - | 2026-04-10 15:41:08 | Deep Dive |
| CVE-2026-34478 | Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility | Apache Software Foundation | Apache Log4j Core | - | - | 2026-04-10 15:40:18 | Deep Dive |
| CVE-2026-34477 | Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass | Apache Software Foundation | Apache Log4j Core | - | - | 2026-04-10 15:36:20 | Deep Dive |
| CVE-2026-39304 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM | Apache Software Foundation | Apache ActiveMQ Client | High | - | 2026-04-10 10:54:04 | Deep Dive |
| CVE-2026-34500 | Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:36:53 | Deep Dive |
| CVE-2026-34487 | Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:36:12 | Deep Dive |
| CVE-2026-34486📌💣 | Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:35:36 | Deep Dive |
| CVE-2026-34483 | Apache Tomcat: Incomplete escaping of JSON access logs | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:30:29 | Deep Dive |
| CVE-2026-32990 | Apache Tomcat: Fix for CVE-2025-66614 is incomplete | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:23:50 | Deep Dive |
| CVE-2026-29146 | Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (EPSS 0.13) | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:21:57 | Deep Dive |
| CVE-2026-29145 | Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:20:25 | Deep Dive |
| CVE-2026-29129 | Apache Tomcat: TLS cipher order is not preserved | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:19:41 | Deep Dive |
| CVE-2026-25854📌 | Apache Tomcat: Occasionally open redirect | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:13:14 | Deep Dive |
| CVE-2026-24880 | Apache Tomcat: Request smuggling via invalid chunk extension | Apache Software Foundation | Apache Tomcat | - | - | 2026-04-09 19:12:11 | Deep Dive |
| CVE-2026-40046 | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated | Apache Software Foundation | Apache ActiveMQ | - | - | 2026-04-09 15:58:33 | Deep Dive |
| CVE-2026-33005 | Apache OpenMeetings: Insufficient checks in FileWebService | Apache Software Foundation | Apache OpenMeetings | - | - | 2026-04-09 15:52:51 | Deep Dive |
| CVE-2026-33266 | Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt | Apache Software Foundation | Apache OpenMeetings | - | - | 2026-04-09 15:52:36 | Deep Dive |
| CVE-2026-34020 | Apache OpenMeetings: Login Credentials Passed via GET Query Parameters | Apache Software Foundation | Apache OpenMeetings | - | - | 2026-04-09 15:52:07 | Deep Dive |
| CVE-2025-57735 | Apache Airflow: Airflow Logout Not Invalidating JWT | Apache Software Foundation | Apache Airflow | - | - | 2026-04-09 11:12:42 | Deep Dive |