apache
2,899 tracked vulnerabilities.
CVE-2025-3891
HIGH
Apache HTTP Server - Denial of Service via Empty POST Request with OIDCPreservePost Enabled
Apr 29, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31651
CRITICAL
Apache Tomcat 9.0.0-9.0.102, 10.1.0-M1-10.1.39, 11.0.0-M1-11.0.5 - Security Constraint Bypass
Apr 28, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-31650
HIGH
Apache Tomcat 9.0.76-9.0.102, 10.1.10-10.1.39, 11.0.0-M2-11.0.5 - Denial of Service via HTTP Priority Header Memory Leak
Apr 28, 2025
CVSS 7.5
EPSS 0.10
CVE-2025-27820
HIGH
Apache HttpClient 5.4-5.4.2 - Improper Certificate Validation in PSL Domain Check Logic
Apr 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26413
HIGH
Apache Kvrocks <= 2.11.1 - Denial of Service via SETRANGE Command Offset Validation
Apr 22, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-29953
CRITICAL
Apache ActiveMQ NMS OpenWire Client <2.1.1 - Deserialization
Apr 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-24859
HIGH
Apache Roller <6.1.5 - Info Disclosure
Apr 14, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-27391
MEDIUM
Apache ActiveMQ Artemis <2.40.0 - Info Disclosure
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-31672
MEDIUM
Apache POI < 5.4.0 - Improper Input Validation in OOXML File Parsing
Apr 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-30677
MEDIUM
Apache Pulsar < 3.0.11, 3.3.6, 4.0.4 - Sensitive Information Exposure in Kafka Connector Logs
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30473
HIGH
Apache Airflow Common SQL Provider - SQL Injection
Apr 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-30676
MEDIUM
Apache OFBiz < 18.12.19 - Cross-Site Scripting
Apr 01, 2025
CVSS 6.1
EPSS 0.03
CVE-2025-30177
MEDIUM
Apache Camel <4.10.3, <4.8.6 - Command Injection
Apr 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30065
CRITICAL
Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing
Apr 01, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-29868
MEDIUM
Apache Answer <1.4.2 - Info Disclosure
Apr 01, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-27427
MEDIUM
Apache ActiveMQ Artemis - Privilege Escalation
Apr 01, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-30067
HIGH
Apache Kylin <5.0.1 - Code Injection
Mar 27, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-30474
MEDIUM
Apache Commons VFS <2.10.0 - Info Disclosure
Mar 23, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-27553
HIGH
Apache Commons VFS < 2.10.0 - Relative Path Traversal via Encoded Dot-Dot-Slash Sequences
Mar 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26796
MEDIUM
Apache Oozie - Cross-Site Scripting
Mar 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27888
MEDIUM
NUCLEI
Apache Druid - Server-Side Request Forgery
Mar 20, 2025
CVSS 5.4
EPSS 0.02
CVE-2025-27018
MEDIUM
Apache Airflow MySQL Provider <6.2.0 - SQL Injection
Mar 19, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-27017
MEDIUM
Apache NiFi <2.3.0 - Info Disclosure
Mar 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-27867
MEDIUM
Apache Felix HTTP Webconsole Plugin 1.X-1.2.0 - Cross-Site Scripting
Mar 12, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-29891
MEDIUM
Apache Camel <4.10.2-<4.8.5-<3.22.4 - Command Injection
Mar 12, 2025
CVSS 4.8
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20