apache
2,899 tracked vulnerabilities.
CVE-2025-58457
MEDIUM
Apache ZooKeeper <3.9.4 - Privilege Escalation
Sep 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-48459
MEDIUM
Apache IoTDB <2.0.5 - Deserialization
Sep 24, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-48392
HIGH
Apache IoTDB <2.0.4 - Info Disclosure
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59328
MEDIUM
Apache Fory < 0.12.2 - Denial of Service via Insecure Deserialization
Sep 15, 2025
CVSS 6.5
EPSS 0.03
CVE-2025-48208
HIGH
Apache HertzBeat <= 1.7.2 - Authenticated LDAP Injection via Custom Commands
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-24404
HIGH
Apache HertzBeat < 1.7.0 - Authenticated XML Injection via Sitemap XML Parsing
Sep 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-58782
MEDIUM
Apache Jackrabbit Core/JCR Commons <2.22.1 - Deserialization
Sep 08, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-26467
HIGH
Apache Cassandra <4.0.16 - Privilege Escalation
Aug 25, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54813
HIGH
Apache Log4cxx <1.5.0 - Info Disclosure
Aug 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54812
MEDIUM
Apache Log4cxx < 1.5.0 - Cross-Site Scripting in HTMLLayout Logger Name
Aug 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54988
HIGH
Apache Tika 1.13-3.2.1 - XML External Entity Injection via Crafted XFA in PDF
Aug 20, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-53192
HIGH
Apache Commons OGNL - Code Injection
Aug 18, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-54466
CRITICAL
Apache OFBiz < 24.09.02 - Unauthenticated Remote Code Execution via Scrum Plugin
Aug 15, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-55675
MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55674
MEDIUM
Apache Superset <5.0.0 - Info Disclosure
Aug 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55673
MEDIUM
Apache Superset <4.1.3 - Info Disclosure
Aug 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-55672
MEDIUM
Apache Superset < 5.0.0 - Authenticated Stored Cross-Site Scripting in Chart Column Label
Aug 14, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54472
HIGH
Apache bRPC < 1.14.1 - Denial of Service via Redis Protocol Parser Memory Allocation
Aug 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55668
MEDIUM
Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48989
HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-53606
CRITICAL
Apache Seata <2.5.0 - Deserialization
Aug 08, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-48913
CRITICAL
Apache CXF < 3.6.8 - Remote Code Execution via JMS Configuration
Aug 08, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-24854
MEDIUM
Apache JSPWiki < 2.12.3 - Cross-Site Scripting via Image Plugin
Jul 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-24853
HIGH
Apache JSPWiki < 2.12.3 - Stored Cross-Site Scripting via Wiki Markup Header Link
Jul 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54656
MEDIUM
Apache Struts Extras <2 - Info Disclosure
Jul 30, 2025
CVSS 6.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20