apache
2,899 tracked vulnerabilities.
CVE-2025-64404
HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64403
HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Data Source Links
Nov 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-64402
MEDIUM
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-64401
HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58337
MEDIUM
Doris MCP Server <0.6.0 - Auth Bypass
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62232
HIGH
Apache APISIX < 3.14.0 - Sensitive Data Exposure via Basic-Auth Logging
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62503
MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-62402
MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
Oct 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54941
MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-61795
MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.109, 10.1.0.M1-10.1.46, 11.0.0-M1-11.0.11 - DoS via Uncleaned Multipart Upload
Oct 27, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-55754
CRITICAL
Apache Tomcat 11.0.0-M1-11.0.10, 10.1.0-M1-10.1.44, 9.0.40-9.0.108 - ANSI Escape Sequence Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-55752
HIGH
Apache Tomcat 8.5.6-8.5.100, 9.0.0.M11-9.0.108, 10.1.0-M1-10.1.44, 11.0.0-M1-11.0.10 - RCE via URI Rewrite Bypass
Oct 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58712
MEDIUM
Apache ActiveMQ Artemis - Container Privilege Escalation via Group-Writable /etc/passwd
Oct 22, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-57738
HIGH
Apache Syncope 2.1.0-3.0.13 - Authenticated Remote Code Execution via Groovy Class Injection
Oct 20, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-47410
HIGH
Apache Geode 1.10.0-1.15.1 - Cross-Site Request Forgery via Management and Monitoring REST API
Oct 18, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-61581
HIGH
Apache Traffic Control - Info Disclosure
Oct 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54539
CRITICAL
Apache ActiveMQ NMS AMQP < 2.4.0 - Remote Code Execution via Untrusted AMQP Server Deserialization
Oct 16, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-55039
MEDIUM
Apache Spark <4.0.0-3.5.2-3.4.4 - Info Disclosure
Oct 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30001
HIGH
Apache StreamPark 2.1.4-2.1.5 - Incorrect Execution-Assigned Permissions
Oct 10, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-62228
HIGH
Apache Flink CDC 3.4.0 - Authenticated SQL Injection via Maliciously Crafted Identifiers
Oct 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-61735
HIGH
Apache Kylin 4.0.0-5.0.2 - Server-Side Request Forgery
Oct 02, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-61734
HIGH
Apache Kylin <5.0.2 - Info Disclosure
Oct 02, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61733
HIGH
Apache Kylin 4.0.0-5.0.2 - Authentication Bypass Using an Alternate Path or Channel
Oct 02, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61622
CRITICAL
pyfory 0.12.0-0.12.2 and pyfury 0.1.0-0.10.3 - Remote Code Execution via Pickle Deserialization
Oct 01, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-54831
MEDIUM
Apache Airflow <3.0.3 - Info Disclosure
Sep 26, 2025
CVSS 6.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20