Tag: Apache
AI, APAC, Exploits, Global Security News, malware, Network Security, Risk Management
CVE-2026-23918: Critical Apache HTTP/2 Flaw Can Trigger DoS and Possible RCE
Apache has patched CVE-2026-23918, a critical flaw in Apache HTTP Server’s HTTP/2 handling that Apache describes as a “double free and possible RCE.” The issue affects Apache HTTP Server 2.4.66 and was fixed in 2.4.67, released on May 4, 2026. The CVE-2026-23918 vulnerability matters because it can be abused remotely and without authentication. Public reporting…
AI, APAC, Exploits, Global Security News
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling…
APAC, Global Security News
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol…
APAC, Exploits, Global Security News
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. […]
APAC, Exploits, Global Security News
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. […]
AI, APAC, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-34197 is a critical flaw in Apache ActiveMQ caused by…
APAC, Cybersecurity, Exploits, Global Security News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS score: 8.8), to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian
APAC, Exploits, Global Security News
13-year-old bug in ActiveMQ lets hackers remotely execute commands
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. […]
AI, APAC, Global Security News
Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
AI, APAC, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape
This week, a Dell vulnerability is being actively exploited, an Apache flaw allows bypass of RBAC, and over 41% of OpenClaw skills are vulnerable. Major Threats & Vulnerabilities Zero-Day Vulnerabilities A zero-day vulnerability in Dell RecoverPoint is being actively exploited to deploy web shells and backdoors in VMware environments. This highlights the urgent need for…
AI, APAC, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Apache Tomcat Vulnerability Circumvents Access Rules
A vulnerability in Apache Tomcat enables users to bypass certain access controls by leveraging legacy HTTP/0.9 requests. Under specific configurations, the issue could allow attackers to circumvent defined security constraints. “If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET…
AI, APAC, Compliance, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
CVE-2026-25903 Impacts Apache NiFi Users
A vulnerability has been disclosed that potentially impacts organizations using Apache NiFi to manage data pipelines. The issue could allow lower-privileged users to modify restricted components within a data flow due to missing authorization checks. “The missing authorization requires a more privileged user to add a restricted component to the flow configuration, but permits a…
APAC, Global Security News
Real-time Analytics News for the Week Ending February 14
In this week’s real-time analytics news: Apache Software Foundation (ASF) announced that Apache HugeGraph has become a Top-Level Project (TLP). The post Real-time Analytics News for the Week Ending February 14 appeared first on RTInsights.
