Apache Software Foundation
556 tracked vulnerabilities.
CVE-2026-33006
MEDIUM
Apache HTTP Server: mod_auth_digest timing attack
May 04, 2026
CVSS 4.8
EPSS 0.01
CVE-2026-29169
HIGH
Apache HTTP Server: mod_dav_lock indirect lock crash
May 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-23918
HIGH
Apache HTTP Server: http2: double free and possible RCE on early reset
May 04, 2026
CVSS 8.8
EPSS 0.46
CVE-2026-34032
MEDIUM
Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33857
MEDIUM
Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34059
HIGH
Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
May 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24072
HIGH
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
May 04, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-42779
CRITICAL
Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)
May 01, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-42778
CRITICAL
Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)
May 01, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-42404
MEDIUM
Apache Neethi: Unrestricted HTTP Redirect Following in Policy References
May 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42403
HIGH
Apache Neethi: Circular Policy Reference Infinite Loop
May 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42402
HIGH
Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
May 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-41016
MEDIUM
Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider
Apr 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41873
CRITICAL
Pony Mail: Admin account takeover via request smuggling
Apr 28, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-41636
HIGH
Apache Thrift: Node.js skip() recursion
Apr 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41607
MEDIUM
Apache Thrift: C++ JSON OOB read
Apr 28, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-41606
MEDIUM
Apache Thrift: c_glib dispatch stack overflow
Apr 28, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-41605
HIGH
Apache Thrift: Swift Compact Protocol integer overflow
Apr 28, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-41604
HIGH
Apache Thrift: Swift Range crash in skip()
Apr 28, 2026
CVSS 8.2
EPSS 0.01
CVE-2026-41603
HIGH
Apache Thrift: Java TSSLTransportFactory hostname verification
Apr 28, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-41602
HIGH
Apache Thrift: Go TFramedTransport uint32 overflow
Apr 28, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-41081
MEDIUM
Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Apr 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40557
MEDIUM
Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Apr 27, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33453
CRITICAL
NUCLEI
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
Apr 27, 2026
CVSS 10.0
EPSS 0.06
CVE-2026-27172
HIGH
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
Apr 27, 2026
CVSS 8.8
EPSS 0.01
Products
Apache Tomcat 50
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters