apache
2,899 tracked vulnerabilities.
CVE-2025-54090
MEDIUM
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 23, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-50151
HIGH
Apache Jena <5.4.0 - Info Disclosure
Jul 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-49656
HIGH
Apache Jena < 5.5.0 - Authenticated Path Traversal via Database File Creation
Jul 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48795
MEDIUM
Apache CXF < 3.5.11, 3.6.6, 4.0.7, 4.1.1 - Denial of Service via Temporary File Logging
Jul 15, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-53689
HIGH
Apache Jackrabbit <2.23.2 - Blind XXE
Jul 14, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-48924
MEDIUM
Apache Commons Lang <3.18.0 - Uncontrolled Recursion
Jul 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-53506
HIGH
Apache Tomcat <11.0.9, <10.1.43, <9.0.107 - Uncontrolled Resource C...
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-52520
HIGH
Apache Tomcat 9.0.0-9.0.106, 10.1.0-M1-10.1.42, 11.0.0-M1-11.0.8 DoS via Multipart Upload Integer Overflow
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-52434
HIGH
Apache Tomcat 9.0.0-9.0.106 - Race Condition in APR/Native Connector
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-53020
HIGH
Apache HTTP Server 2.4.17-2.4.63 - Use-After-Free
Jul 10, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-49812
HIGH
Apache HTTP Server < 2.4.64 - HTTP Session Hijacking via TLS Upgrade Desynchronization
Jul 10, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-49630
HIGH
Apache HTTP Server 2.4.26-2.4.63 - Denial of Service via mod_proxy_http2 Assertion
Jul 10, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-23048
CRITICAL
Apache HTTP Server 2.4.35-2.4.63 - Access Control Bypass via TLS 1.3 Session Resumption
Jul 10, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-27446
HIGH
Apache APISIX (java-plugin-runner) - Privilege Escalation
Jul 06, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-46647
MEDIUM
Apache APISIX < 3.12.0 - Authentication Bypass in OpenID-Connect Plugin via Issuer Confusion
Jul 02, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-32897
CRITICAL
Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode
Jun 28, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-50213
CRITICAL
Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection
Jun 24, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-32896
MEDIUM
Apache SeaTunnel <= 2.3.10 - Unauthenticated Arbitrary File Read and Deserialization via Hazelcast REST API
Jun 19, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-49763
HIGH
Apache Traffic Server 9.0.0-9.2.10 and 10.0.0-10.0.5 - Uncontrolled Resource Consumption in ESI Plugin
Jun 19, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-31698
HIGH
Apache Traffic Server <9.2.10, <10.0.6 - Info Disclosure
Jun 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-49125
HIGH
Apache Tomcat 9.0.0-9.0.105, 10.1.0-M1-10.1.41, 11.0.0-M1-11.0.7 - Authentication Bypass
Jun 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49124
HIGH
Apache Tomcat 9.0.23-9.0.105, 10.1.0-10.1.41, 11.0.0-M1-11.0.7 - Untrusted Search Path via icacls.exe
Jun 16, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-48988
HIGH
Apache Tomcat - Allocation of Resources Without Limits or Throttling
Jun 16, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48976
HIGH
Apache Commons FileUpload <1.6-2.0.0-M4 - DoS
Jun 16, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47869
CRITICAL
Apache NuttX RTOS 6.22-12.9.0 - Buffer Overflow in XMLRPC Example Application
Jun 16, 2025
CVSS 9.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20