Apache Software Foundation

556 tracked vulnerabilities.

CVE-2026-50223 HIGH
Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Jun 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-47342 HIGH
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
Jun 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-25700 HIGH
Apache Answer: AdminToken not invalidated after admin deactivation
Jun 10, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-49818 MEDIUM
Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names
Jun 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-34905 MEDIUM
Apache Answer: Unlisted Questions Accessible via Direct API Access
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34033 MEDIUM
Apache Answer: HTML Content Injection in Email
Jun 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34031 MEDIUM
Apache Answer: The custom avatar was not properly validated
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33582 MEDIUM
Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25699 MEDIUM
Apache Answer: Authorization Bypass in Timeline API
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25688 MEDIUM
Apache Answer: XSS in AI Answer Rendering
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-49975 HIGH
Apache HTTP Server: mod_http2 denial of service
Jun 08, 2026
CVSS 7.5
EPSS 0.11
CVE-2026-48913 HIGH
Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
Jun 08, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-44631 CRITICAL
Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Jun 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44186 HIGH
Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Jun 08, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44185 HIGH
Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Jun 08, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44119 MEDIUM
Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Jun 08, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-43951 MEDIUM
Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Jun 08, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-42536 HIGH
Apache HTTP Server: mod_xml2enc heap overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42535 CRITICAL
Apache HTTP Server: mod_dav_fs protected directory access
Jun 08, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-34356 HIGH
Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34355 HIGH
Apache HTTP Server: mod_proxy_html buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-29170 MEDIUM
Apache HTTP Server: mod_proxy_ftp XSS
Jun 08, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-29167 CRITICAL
Apache HTTP Server: mod_ldap per-dir use-after-free
Jun 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-47430 HIGH
Apache Cordova InAppBrowser iOS 3.1.0-6.0.0 - Callback ID Spoofing
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50076 CRITICAL
Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass
Jun 04, 2026
CVSS 9.1
EPSS 0.01