apache
3,084 tracked vulnerabilities.
CVE-2026-34487
HIGH
Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34486
HIGH
NUCLEI
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
Apr 09, 2026
CVSS 7.5
EPSS 0.22
CVE-2026-34483
HIGH
Apache Tomcat: Incomplete escaping of JSON access logs
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32990
MEDIUM
Apache Tomcat: Fix for CVE-2025-66614 is incomplete
Apr 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29146
HIGH
Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default
Apr 09, 2026
CVSS 7.5
EPSS 0.05
CVE-2026-29145
CRITICAL
Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled
Apr 09, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-29129
HIGH
Apache Tomcat: TLS cipher order is not preserved
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25854
MEDIUM
Apache Tomcat: Occasionally open redirect
Apr 09, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-24880
HIGH
Apache Tomcat: Request smuggling via invalid chunk extension
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34020
HIGH
Apache OpenMeetings: Login Credentials Passed via GET Query Parameters
Apr 09, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33266
HIGH
Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33005
MEDIUM
Apache OpenMeetings: Insufficient checks in FileWebService
Apr 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-34538
MEDIUM
Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Apr 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-32588
MEDIUM
Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing
Apr 07, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-27315
MEDIUM
Apache Cassandra: cqlsh history sensitive information leak
Apr 07, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27314
HIGH
Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass
Apr 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34197
HIGH
KEVNUCLEI
Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Apr 07, 2026
CVSS 8.8
EPSS 0.97
CVE-2026-33227
MEDIUM
Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Classpath Directory
Apr 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-32794
MEDIUM
Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Mar 30, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-32642
MEDIUM
Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Mar 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-30911
HIGH
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Mar 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28779
HIGH
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Mar 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28563
MEDIUM
Apache Airflow: DAG authorization bypass
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26929
MEDIUM
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23907
MEDIUM
Apache PDFBox 2.0.24-2.0.35, 3.0.0-3.0.6 - Path Traversal
Mar 10, 2026
CVSS 5.3
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters