apache
2,899 tracked vulnerabilities.
CVE-2025-47868
CRITICAL
Apache NuttX 6.9-12.9.0 - Heap-based Buffer Overflow in BDF-Converter Font Utility
Jun 16, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-30675
MEDIUM
Apache CloudStack 4.0.0-4.19.2.0 - Unauthorized Information Disclosure via listTemplates and listIsos APIs
Jun 11, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-47849
HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin API Key Theft
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-47713
HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin Password Reset
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-26521
HIGH
Apache CloudStack 4.17.0.0-4.19.2.0 - Exposure of Sensitive Information via CKS Kubernetes Cluster Secret Config
Jun 10, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-22829
MEDIUM
Apache CloudStack 4.20.0.0 - Authenticated Privilege Escalation via Quota Plugin
Jun 10, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-27819
HIGH
Apache Kafka 2.0.0-3.3.2 and 3.4.0 - Remote Code Execution via SASL JAAS JndiLoginModule Configuration
Jun 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27818
HIGH
Apache Kafka 2.3.0-3.9.0 - Authenticated Remote Code Execution via SASL JAAS LDAP Deserialization
Jun 10, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-27817
HIGH
NUCLEI
Apache Kafka Client - Arbitrary File Read
Jun 10, 2025
CVSS 7.5
EPSS 0.21
CVE-2025-27531
CRITICAL
Apache InLong <2.1.0 - Deserialization
Jun 06, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-46548
MEDIUM
Pekko Management <1.1.1 - Auth Bypass
Jun 03, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-48912
MEDIUM
Apache Superset <4.1.2 - Privilege Escalation
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-46701
HIGH
Apache Tomcat <11.0.6 - Security Constraint Bypass
May 29, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-48734
HIGH
Apache Commons <2.0.0 - Info Disclosure
May 28, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-27528
CRITICAL
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-27526
MEDIUM
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-27522
MEDIUM
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-35003
CRITICAL
Apache NuttX 7.25-12.9.0 - Stack-based Buffer Overflow in Bluetooth HCI/UART Stack
May 26, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-47436
CRITICAL
Apache ORC < 1.8.9, 1.9.0-1.9.5, 2.0.0-2.0.4, 2.1.0-2.1.1 - Heap-based Buffer Overflow in C++ LZO Decompression
May 14, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26864
HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
May 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26795
HIGH
Apache IoTDB JDBC Driver 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via Log File Insertion
May 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-27696
HIGH
Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset
May 13, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-46392
MEDIUM
Apache Commons Configuration 1.x - Uncontrolled Resource Consumption
May 09, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-27533
HIGH
Apache ActiveMQ 5.16.0-5.16.7, 5.17.0-5.17.6, 5.18.0-5.18.6 - Denial of Service via OpenWire Buffer Size Validation
May 07, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-46762
HIGH
Apache Parquet < 1.15.2 - Remote Code Execution via Parquet-Avro Schema Parsing
May 06, 2025
CVSS 8.1
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20