CVE-2026-28564: CWE-613 Insufficient Session Expiration in Apache Software Foundation Apache IoTDB
Apache IoTDB versions from 1.0.0 up to but not including 2.0.10 contain an insufficient session expiration vulnerability. This flaw allows REST Basic Authentication to accept stale cached…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-07-28
This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a mem

Emerging Threat: (CVE-2026-49975) Apache HTTP Server Denial of Service via HTTP/2 Memory Exhaustion
A memory-exhaustion flaw in Apache HTTP Server's mod_http2 lets an unauthenticated attacker crash HTTP/2 web servers within seconds using a

Emerging Threat: (CVE-2026-55957) Apache Tomcat Authentication Bypass via JNDIRealm GSSAPI Binds
A missing authentication check in Apache Tomcat lets attackers bypass GSSAPI-bound directory logins, gaining unauthorized access to any appl

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up

Comments
Sign in to join the conversation.
No comments yet. Be the first.