apache
2,899 tracked vulnerabilities.
CVE-2025-26866
HIGH
Apache HugeGraph < 1.7.0 - Remote Code Execution via Hessian Deserialization
Dec 12, 2025
CVSS 8.8
EPSS 0.03
CVE-2025-23408
MEDIUM
Apache Fineract <1.10.1 - Info Disclosure
Dec 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66675
HIGH
Apache Struts 2.0.0-6.7.4, 7.0.0-7.0.3 - Denial of Service via Multipart Request File Leak
Dec 10, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-58098
HIGH
Apache HTTP Server <2.4.66 - Command Injection
Dec 05, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-66200
MEDIUM
Apache HTTP Server <2.4.66 - Auth Bypass
Dec 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-65082
MEDIUM
Apache HTTP Server 2.4.0-2.4.65 - Environment Variable Injection via CGI Configuration
Dec 05, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59775
HIGH
Apache HTTP Server 2.4.0-2.4.65 - Server-Side Request Forgery via AllowEncodedSlashes and MergeSlashes Configuration
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55753
HIGH
Apache HTTP Server 2.4.30-2.4.65 - Integer Overflow in ACME Certificate Renewal Backoff Timer
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66516
HIGH
NUCLEI
Apache Tika 1.13-3.2.1 and tika-parsers 1.13-1.28.5 - XML External Entity Injection via Crafted XFA in PDF
Dec 04, 2025
CVSS 8.4
EPSS 0.02
CVE-2025-64775
HIGH
Apache Struts 2.0.0-6.7.0 and 7.0.0-7.0.3 - Denial of Service via Multipart Request Processing
Dec 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59789
HIGH
Apache bRPC < 1.15.0 - Denial of Service via Deep Recursive JSON Data in json2pb Component
Dec 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59792
MEDIUM
Apache Kvrocks 1.0.0-2.13.0 - Cleartext Storage of Sensitive Information in MONITOR Command
Nov 28, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59790
MEDIUM
Apache Kvrocks 2.9.0-2.13.0 - Improper Privilege Management
Nov 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59454
MEDIUM
Apache CloudStack 4.0.0-4.20.1.9 - Authenticated Exposure of Sensitive Information via API Permission Bypass
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59302
MEDIUM
Apache CloudStack 4.18.0-4.20.1 and 4.21.0-4.21.9 - Authenticated Code Injection via Admin APIs
Nov 27, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-54057
MEDIUM
Apache SkyWalking <= 10.2.0 - Cross-Site Scripting
Nov 27, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62728
MEDIUM
Apache Hive 4.1.0-4.1.9 - Authenticated SQL Injection via Thrift API Delete Column Statistics Request
Nov 26, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59390
CRITICAL
Apache Druid <= 34.0.0 - Weak Cookie Signature Secret via ThreadLocalRandom
Nov 26, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-65998
HIGH
Apache Syncope 2.1.0-2.1.13 and 4.0.0-4.0.2 - Use of Hard-coded Cryptographic Key
Nov 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64408
MEDIUM
Apache Causeway < 3.5.0 - Authenticated Remote Code Execution via URL Parameter Deserialization
Nov 19, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-64407
MEDIUM
Apache OpenOffice <= 4.1.15 - Information Disclosure via External Link URI Scheme
Nov 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61623
MEDIUM
Apache OFBiz < 24.09.03 - Reflected Cross-Site Scripting
Nov 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59118
HIGH
Apache OFBiz < 24.09.03 - Unrestricted Upload of File with Dangerous Type
Nov 12, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-64406
MEDIUM
Apache OpenOffice <= 4.1.15 - Out-of-bounds Write
Nov 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64405
HIGH
Apache OpenOffice <= 4.1.15 - Unauthenticated External Link Loading via DDE Links
Nov 12, 2025
CVSS 7.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20