Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / Apache Software Foundation

Apache Software Foundation

347 tracked vulnerabilities.

CVE-2026-41605 HIGH

Apache Thrift: Swift Compact Protocol integer overflow

CVE-2026-41604 HIGH

Apache Thrift: Swift Range crash in skip()

CVE-2026-41603 HIGH

Apache Thrift: Java TSSLTransportFactory hostname verification

CVE-2026-41602 HIGH

Apache Thrift: Go TFramedTransport uint32 overflow

CVE-2026-41081 MEDIUM

Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure

CVE-2026-40557 MEDIUM

Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections

CVE-2026-33453 CRITICAL NUCLEI

Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

CVE-2026-27172 HIGH

Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

CVE-2026-41409 CRITICAL

Apache MINA: CWE-502 Deserialization of Untrusted Data

CVE-2026-40858 HIGH

Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository

CVE-2026-40022 HIGH

Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime

CVE-2026-33454 CRITICAL

Apache Camel MailHeaderFilterStrategy - MIME Header Injection RCE

CVE-2026-41635 CRITICAL

Apache MINA IoBuffer - Deserialization Remote Code Execution

CVE-2026-40860 CRITICAL

Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

CVE-2026-40473 HIGH

Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP

CVE-2026-40453 CRITICAL

Apache Camel HeaderFilterStrategy - Case-Variant Internal Header Injection

CVE-2026-40048 HIGH

Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

CVE-2026-40690 MEDIUM

Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

CVE-2026-38743 MEDIUM

Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities

CVE-2026-23902 HIGH

Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.

CVE-2026-41044 HIGH

Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

CVE-2026-41043 MEDIUM

Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

CVE-2026-40466 HIGH NUCLEI

Apache ActiveMQ Broker < 5.19.6 and 6.0.0 to before 6.2.5 - Remote Code Execution

CVE-2026-40542 HIGH

Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

CVE-2026-33558 MEDIUM

Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Previous Page 4 of 14 Next

Products

Apache Tomcat 42 Apache HTTP Server 23 Apache OFBiz 20 Apache Airflow 19 Apache OpenMeetings 15 Apache Camel 11 Apache Struts 11 Apache Thrift 11 Apache CXF 9 Apache ActiveMQ 8 Apache Atlas 8 Apache NiFi 8 Apache CloudStack 7 Apache ActiveMQ All 6 Apache Hadoop 6 Apache OpenOffice 6 Apache Wicket 6 Apache ActiveMQ Broker 5 Apache Ranger 5 Apache Ambari 4 Apache Log4j Core 4 Apache MINA 4 Apache OpenNLP 4 Apache Polaris 4 Apache Traffic Server 4 Apache APISIX 3 Apache Brooklyn 3 Apache CXF Fediz 3 Apache Cassandra 3 Apache DolphinScheduler 3

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy