Apache Software Foundation
556 tracked vulnerabilities.
CVE-2026-55956
MEDIUM
Apache Tomcat: Security constraints for default servlet ignored method
Jun 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-55955
MEDIUM
Apache Tomcat: EncryptInterceptor not protected against replay attacks
Jun 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-55276
CRITICAL
Apache Tomcat: Logged effective web.xml is incomplete
Jun 29, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-53434
CRITICAL
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Jun 29, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-53404
HIGH
Apache Tomcat: Bad ornext processing in RewriteValve
Jun 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-50229
MEDIUM
Apache Tomcat: XSS in number guess example
Jun 29, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-57915
HIGH
Apache Kerby: Kerberos Pre-Authentication Bypass
Jun 26, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-57914
MEDIUM
Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures
Jun 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49486
HIGH
Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)
Jun 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-56130
LOW
Apache Shiro: Remember-me cookie isn't checked for expiry on the server
Jun 25, 2026
EPSS 0.00
CVE-2026-56091
HIGH
Apache Shiro: Authentication bypass in Guice-Web integration
Jun 25, 2026
EPSS 0.00
CVE-2026-54226
MEDIUM
Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS
Jun 25, 2026
EPSS 0.00
CVE-2026-46752
CRITICAL
Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()
Jun 25, 2026
EPSS 0.00
CVE-2026-46751
MEDIUM
Apache Kvrocks 2.2.0-2.15.0 Lua Sandbox - Remote Denial of Service
Jun 25, 2026
EPSS 0.00
CVE-2026-45188
LOW
Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling
Jun 25, 2026
EPSS 0.00
CVE-2026-41566
CRITICAL
Apache Kvrocks: Improper permission for the APPLYBATCH command
Jun 25, 2026
EPSS 0.00
CVE-2026-54665
MEDIUM
Apache NiFi: Missing Validation for Proxy Host Headers
Jun 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44914
HIGH
Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents
Jun 22, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44913
HIGH
Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL
Jun 22, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44911
MEDIUM
Apache NiFi: Incorrect Authorization for Configuration Verification Requests
Jun 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-49872
HIGH
Apache APISIX: Improper authentication in cas-auth plugin
Jun 19, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-49871
CRITICAL
Apache APISIX: cas-auth login CSRF / session injection issue
Jun 19, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-49231
MEDIUM
Apache APISIX 3.5.0-3.16.0 OPA Plugin - Identity Spoofing
Jun 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-49230
CRITICAL
Apache APISIX: Authentication bypass in jwe-decrypt
Jun 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48895
HIGH
Apache APISIX: Cas-auth Host header influence on CAS service URL
Jun 19, 2026
CVSS 7.2
EPSS 0.00
Products
Apache Tomcat 50
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters