apache
2,899 tracked vulnerabilities.
CVE-2025-24813
CRITICAL
KEV NUCLEI
Tomcat Partial PUT Java Deserialization
Mar 10, 2025
CVSS 9.8
EPSS 0.94
CVE-2025-26865
LOW
Apache OFBiz <18.12.18 - Info Disclosure
Mar 10, 2025
CVSS 3.5
EPSS 0.01
CVE-2025-27636
MEDIUM
Apache Camel <4.10.2 - Command Injection
Mar 09, 2025
CVSS 5.6
EPSS 0.56
CVE-2025-25247
MEDIUM
Apache Felix Webconsole <4.9.8-5.0.8 - XSS
Feb 10, 2025
CVSS 6.1
EPSS 0.02
CVE-2025-25069
MEDIUM
Apache Kvrocks < 2.11.1 - Cross-Protocol Scripting via RESP Request Misinterpretation
Feb 07, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-24860
MEDIUM
Apache Cassandra <4.0.15, <4.1.7 - Auth Bypass
Feb 04, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-23015
HIGH
Apache Cassandra <4.1.8 - Privilege Escalation
Feb 04, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-24783
HIGH
Apache Cocoon - Insecure Continuation ID Generation via Predictable PRNG Seed
Jan 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24814
MEDIUM
Apache Solr < 9.8.0 - Unauthenticated Privilege Escalation via Configset File Replacement
Jan 27, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-23196
HIGH
Apache Ambari < 2.7.9 - Authenticated Remote Code Execution via Alert Script Filename
Jan 21, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-23195
HIGH
Apache Ambari < 2.7.9 - XML External Entity Injection via DocumentBuilderFactory
Jan 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-23184
MEDIUM
Apache CXF < 3.5.10, 3.6.5, 4.0.6 - Denial of Service via Unclosed CachedOutputStream
Jan 21, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-22828
MEDIUM
Apache CloudStack >= 4.16.0.0 - Authenticated Exposure of Sensitive Information via Annotations API
Jan 13, 2025
CVSS 4.3
EPSS 0.18
CVE-2024-56373
HIGH
Airflow 2 - Privilege Escalation to RCE
Feb 24, 2026
CVSS 8.4
EPSS 0.00
CVE-2024-44088
MEDIUM
Apache Geode < 1.15.2 - Stored Cross-Site Scripting via REST Web API
Oct 14, 2025
CVSS 6.1
EPSS 0.00
CVE-2024-43166
CRITICAL
Apache DolphinScheduler <3.2.2 - Info Disclosure
Sep 03, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-43115
HIGH
Apache DolphinScheduler <3.2.2 - RCE
Sep 03, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-48988
HIGH
Apache StreamPark 2.1.4-2.1.5 - Authenticated SQL Injection
Aug 22, 2025
CVSS 7.6
EPSS 0.00
CVE-2024-39954
MEDIUM
Apache EventMesh < 1.12.0 - Server-Side Request Forgery via WebhookUtil
Aug 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-51775
MEDIUM
Apache Zeppelin 0.11.1-0.11.9 - Missing Origin Validation in WebSockets
Aug 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-52279
MEDIUM
Apache Zeppelin <0.12.0 - Improper Input Validation
Aug 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-41177
MEDIUM
Apache Zeppelin < 0.12.0 - Cross-Site Scripting via Incomplete Blacklist
Aug 03, 2025
CVSS 6.1
EPSS 0.00
CVE-2024-41169
HIGH
Apache Zeppelin <0.12.0 - Info Disclosure
Jul 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-47252
HIGH
Apache HTTP Server <2.4.63 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-43394
HIGH
Apache HTTP Server 2.4.0-2.4.63 - Server-Side Request Forgery via mod_rewrite or Apache Expressions
Jul 10, 2025
CVSS 7.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20