apache
2,899 tracked vulnerabilities.
CVE-2026-46586
HIGH
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
May 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-45434
CRITICAL
Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE
May 19, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-45187
MEDIUM
Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41919
CRITICAL
Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35086
MEDIUM
Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31986
CRITICAL
Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-31910
HIGH
Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31909
HIGH
Apache OFBiz: Unauthenticated Shipment Label Image Disclosure
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31906
MEDIUM
Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-31388
MEDIUM
Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature
May 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-31387
MEDIUM
Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation
May 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-31380
MEDIUM
Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31379
MEDIUM
Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-31378
MEDIUM
Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-29226
HIGH
Apache OFBiz: Low-Privilege SSRF in Content Component
May 19, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-29220
MEDIUM
Apache OFBiz: Low-Privilege LFI in Content Component
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-29207
MEDIUM
Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35194
HIGH
Apache Flink: Remote code execution via SQL injection in code generation
May 15, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45205
MEDIUM
Apache Commons Configuration: StackOverflowError for YAML input with cycles
May 14, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43515
CRITICAL
Apache Tomcat: Security constraints not correctly applied
May 12, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-43514
LOW
Apache Tomcat: AJP secret compared in non-constant time
May 12, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-43513
HIGH
Apache Tomcat: LockOutRealm treats user names as case-sensitive
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-43512
CRITICAL
Apache Tomcat: Digest authenticator will authenticate any unknown user
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-42498
HIGH
Apache Tomcat: WebSocket authentication header exposure
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-41293
CRITICAL
Apache Tomcat: HTTP/2 request headers not validated
May 12, 2026
CVSS 9.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20