Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / Apache Software Foundation

Apache Software Foundation

347 tracked vulnerabilities.

Apache CXF JMS Configuration - Remote Code Execution

Apache CXF: XXE vulnerability in WS-Transfer functionality

Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

CVE-2026-48207 CRITICAL

Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

CVE-2026-42526 MEDIUM

Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

CVE-2026-27173 HIGH

Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

CVE-2026-47323 CRITICAL

Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering

CVE-2026-46586 HIGH

Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

CVE-2026-45434 CRITICAL

Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

CVE-2026-45187 MEDIUM

Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

CVE-2026-41919 CRITICAL

Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

CVE-2026-35086 MEDIUM

Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

CVE-2026-31986 CRITICAL

Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

CVE-2026-31910 HIGH

Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

CVE-2026-31909 HIGH

Apache OFBiz: Unauthenticated Shipment Label Image Disclosure

CVE-2026-31906 MEDIUM

Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters

CVE-2026-31388 MEDIUM

Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

CVE-2026-31387 MEDIUM

Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation

CVE-2026-31380 MEDIUM

Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

CVE-2026-31379 MEDIUM

Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

CVE-2026-31378 MEDIUM

Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

CVE-2026-29226 HIGH

Apache OFBiz: Low-Privilege SSRF in Content Component

CVE-2026-29220 MEDIUM

Apache OFBiz: Low-Privilege LFI in Content Component

CVE-2026-29207 MEDIUM

Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Page 1 of 14 Next

Products

Apache Tomcat 42 Apache HTTP Server 23 Apache OFBiz 20 Apache Airflow 19 Apache OpenMeetings 15 Apache Camel 11 Apache Struts 11 Apache Thrift 11 Apache CXF 9 Apache ActiveMQ 8 Apache Atlas 8 Apache NiFi 8 Apache CloudStack 7 Apache ActiveMQ All 6 Apache Hadoop 6 Apache OpenOffice 6 Apache Wicket 6 Apache ActiveMQ Broker 5 Apache Ranger 5 Apache Ambari 4 Apache Log4j Core 4 Apache MINA 4 Apache OpenNLP 4 Apache Polaris 4 Apache Traffic Server 4 Apache APISIX 3 Apache Brooklyn 3 Apache CXF Fediz 3 Apache Cassandra 3 Apache DolphinScheduler 3

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy