apache
3,084 tracked vulnerabilities.
CVE-2026-41603
HIGH
Apache Thrift: Java TSSLTransportFactory hostname verification
Apr 28, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-41602
HIGH
Apache Thrift: Go TFramedTransport uint32 overflow
Apr 28, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-41081
MEDIUM
Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Apr 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40557
MEDIUM
Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Apr 27, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33453
CRITICAL
NUCLEI
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
Apr 27, 2026
CVSS 10.0
EPSS 0.06
CVE-2026-27172
HIGH
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
Apr 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-41409
CRITICAL
Apache MINA: CWE-502 Deserialization of Untrusted Data
Apr 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-40858
HIGH
Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
Apr 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-40022
HIGH
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
Apr 27, 2026
CVSS 8.2
EPSS 0.01
CVE-2026-33454
CRITICAL
Apache Camel MailHeaderFilterStrategy - MIME Header Injection RCE
Apr 27, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-41635
CRITICAL
Apache MINA IoBuffer - Deserialization Remote Code Execution
Apr 27, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-40860
CRITICAL
Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
Apr 27, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-40473
HIGH
Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP
Apr 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-40453
CRITICAL
Apache Camel HeaderFilterStrategy - Case-Variant Internal Header Injection
Apr 27, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-40048
HIGH
Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
Apr 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-40690
MEDIUM
Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
Apr 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-38743
MEDIUM
Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
Apr 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23902
HIGH
Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
Apr 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41044
HIGH
Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
Apr 24, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-41043
MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Apr 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-40466
HIGH
NUCLEI
Apache ActiveMQ Broker < 5.19.6 and 6.0.0 to before 6.2.5 - Remote Code Execution
Apr 24, 2026
CVSS 8.8
EPSS 0.05
CVE-2026-40542
HIGH
Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification
Apr 22, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-33558
MEDIUM
Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Apr 20, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-33557
CRITICAL
Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication
Apr 20, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-40948
MEDIUM
Apache Airflow: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager
Apr 18, 2026
CVSS 5.4
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters