COOEY // HUBcompliance · community · intelligence

FAIL › dossier

apache vendor

6
failure events
0
zero-days
1
RCEs
1
on KEV
5
critical
65
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 6 events

DateEventSevFlagsShameSummary
2026-04-16 CVE-2026-34197 high ⚡RCE ⌖KEV 65 Apache ActiveMQ exploited a code injection vulnerability (CVE-2026-34197) allowing remote code execution.
2026-07-03 CVE-2026-47898 critical 35 Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library). This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-be
2026-06-12 CVE-2026-49875 critical 35 Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix t
2026-06-12 CVE-2026-50627 critical 35 The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Rou
2026-06-12 CVE-2026-50628 critical 35 A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to v
2026-05-22 CVE-2026-44930 critical 35 An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.