| CVE-2026-35554 | Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition | Apache Software Foundation | Apache Kafka Clients | - | - | 2026-04-07 13:07:09 | Deep Dive |
| CVE-2026-33227 | Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath Directory | Apache Software Foundation | Apache ActiveMQ Client | - | - | 2026-04-07 07:50:59 | Deep Dive |
| CVE-2026-34197 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans | Apache Software Foundation | Apache ActiveMQ Broker | - | - | 2026-04-07 07:50:11 | Deep Dive |
| CVE-2025-65114 | Apache Traffic Server: Malformed chunked message body allows request smuggling | Apache Software Foundation | Apache Traffic Server | - | - | 2026-04-02 15:55:27 | Deep Dive |
| CVE-2025-58136 | Apache Traffic Server: A simple legitimate POST request causes a crash | Apache Software Foundation | Apache Traffic Server | - | - | 2026-04-02 15:54:47 | Deep Dive |
| CVE-2026-5271 | Possible to hijack modules in current working directory | Python Software Foundation | pymanager | - | - | 2026-04-01 13:48:08 | Deep Dive |
| CVE-2026-32794 | Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange | Apache Software Foundation | Apache Airflow Provider for Databricks | Medium | - | 2026-03-30 21:43:38 | Deep Dive |
| CVE-2026-32642 | Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission | Apache Software Foundation | Apache Artemis | Medium | - | 2026-03-24 07:53:45 | Deep Dive |
| CVE-2026-4516 | Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection | Foundation Agents | MetaGPT | Medium | 6.3 | 2026-03-21 15:02:12 | Deep Dive |
| CVE-2026-4515 | Foundation Agents MetaGPT operator.py code_generate code injection | Foundation Agents | MetaGPT | Medium | 6.3 | 2026-03-21 11:32:11 | Deep Dive |
| CVE-2026-4519 | webbrowser.open() allows leading dashes in URLs | Python Software Foundation | CPython | High | - | 2026-03-20 15:08:33 | Deep Dive |
| CVE-2026-22735 | Server Sent Event stream corruption | Spring | Spring Foundation | Low | 2.6 | 2026-03-19 23:37:36 | Deep Dive |
| CVE-2026-3479 | pkgutil.get_data() does not enforce documented restrictions | Python Software Foundation | CPython | Low | - | 2026-03-18 18:13:42 | Deep Dive |
| CVE-2026-28563 | Apache Airflow: DAG authorization bypass | Apache Software Foundation | Apache Airflow | Medium | - | 2026-03-17 10:54:57 | Deep Dive |
| CVE-2026-26929 | Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata | Apache Software Foundation | Apache Airflow | - | - | 2026-03-17 10:54:06 | Deep Dive |
| CVE-2026-30911 | Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization | Apache Software Foundation | Apache Airflow | - | - | 2026-03-17 10:53:03 | Deep Dive |
| CVE-2026-28779 | Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | Apache Software Foundation | Apache Airflow | - | - | 2026-03-17 10:15:59 | Deep Dive |
| CVE-2026-4224 | Stack overflow parsing XML with deeply nested DTD content models | Python Software Foundation | CPython | Medium | - | 2026-03-16 17:52:27 | Deep Dive |
| CVE-2026-3644 | Incomplete control character validation in http.cookies | Python Software Foundation | CPython | Medium | - | 2026-03-16 17:37:31 | Deep Dive |
| CVE-2025-54920 | Apache Spark: Spark History Server Code Execution Vulnerability | Apache Software Foundation | Apache Spark | Medium | - | 2026-03-14 09:01:50 | Deep Dive |