Apache Software Foundation
556 tracked vulnerabilities.
CVE-2026-46453
MEDIUM
Apache Camel 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43867
CRITICAL
Apache Camel PQC - AWS Secrets Manager Metadata Deserialization
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-43866
HIGH
Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Jul 06, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-43865
HIGH
Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42527
HIGH
Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-40859
HIGH
Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-40047
CRITICAL
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
Jul 06, 2026
CVSS 9.1
EPSS 0.02
CVE-2026-24014
CRITICAL
Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24013
CRITICAL
Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24012
HIGH
Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47896
HIGH
Apache Lucene.Net: Unauthenticated arbitrary file read on the Lucene.Net.Replicator replication server
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47898
CRITICAL
Apache Lucene.Net Analysis.Common PatternParser - XML External Entity Injection
Jul 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-47897
HIGH
Apache Lucene.Net: Arbitrary file write from malicious server to Lucene.Net.Replicator client
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54428
HIGH
Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK
Jul 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54399
HIGH
Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration
Jul 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54475
HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53917
HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53916
HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-52760
MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console
Jun 30, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-50750
HIGH
Apache ActiveMQ 5.19.7 and 6.2.6 - Unauthenticated OpenWire Denial of Service
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50734
HIGH
Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49877
HIGH
Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
Jun 30, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-49434
HIGH
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49432
HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-55957
HIGH
Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind
Jun 29, 2026
CVSS 7.3
EPSS 0.00
Products
Apache Tomcat 50
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters