Apache Software Foundation
556 tracked vulnerabilities.
CVE-2026-50223
HIGH
Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Jun 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-47342
HIGH
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
Jun 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-25700
HIGH
Apache Answer: AdminToken not invalidated after admin deactivation
Jun 10, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-49818
MEDIUM
Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names
Jun 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-34905
MEDIUM
Apache Answer: Unlisted Questions Accessible via Direct API Access
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34033
MEDIUM
Apache Answer: HTML Content Injection in Email
Jun 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34031
MEDIUM
Apache Answer: The custom avatar was not properly validated
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33582
MEDIUM
Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25699
MEDIUM
Apache Answer: Authorization Bypass in Timeline API
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25688
MEDIUM
Apache Answer: XSS in AI Answer Rendering
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-49975
HIGH
Apache HTTP Server: mod_http2 denial of service
Jun 08, 2026
CVSS 7.5
EPSS 0.11
CVE-2026-48913
HIGH
Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
Jun 08, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-44631
CRITICAL
Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Jun 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44186
HIGH
Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Jun 08, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44185
HIGH
Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Jun 08, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44119
MEDIUM
Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Jun 08, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-43951
MEDIUM
Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Jun 08, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-42536
HIGH
Apache HTTP Server: mod_xml2enc heap overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42535
CRITICAL
Apache HTTP Server: mod_dav_fs protected directory access
Jun 08, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-34356
HIGH
Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34355
HIGH
Apache HTTP Server: mod_proxy_html buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-29170
MEDIUM
Apache HTTP Server: mod_proxy_ftp XSS
Jun 08, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-29167
CRITICAL
Apache HTTP Server: mod_ldap per-dir use-after-free
Jun 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-47430
HIGH
Apache Cordova InAppBrowser iOS 3.1.0-6.0.0 - Callback ID Spoofing
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50076
CRITICAL
Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass
Jun 04, 2026
CVSS 9.1
EPSS 0.01
Products
Apache Tomcat 50
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters