apache

3,084 tracked vulnerabilities.

CVE-2025-47411 HIGH
Apache StreamPipes <= 0.97.0 - Privilege Escalation via JWT Token Manipulation
Jan 01, 2026
CVSS 8.1
EPSS 0.15
CVE-2025-66524 HIGH
Apache NiFi <2.6.0 - Deserialization
Dec 19, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-68161 MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.01
CVE-2025-67895 CRITICAL
Apache Airflow Providers Edge3 < 2.0.0 - Remote Code Execution via Edge3 Worker RPC
Dec 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-66388 MEDIUM
Apache Airflow <3.1.4 - Info Disclosure
Dec 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53960 MEDIUM
Apache StreamPark <2.1.7 - Privilege Escalation
Dec 12, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54981 HIGH
Apache StreamPark 2.0.0-2.1.6 - Weak Encryption Algorithm via AES-ECB Mode
Dec 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54947 CRITICAL
Apache StreamPark 2.0.0-2.1.7 - Use of Hard-coded Cryptographic Key
Dec 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-58137 HIGH
Apache Fineract <= 1.11.0 - Authorization Bypass Through User-Controlled Key
Dec 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58130 CRITICAL
Apache Fineract <= 1.11.0 - Insufficiently Protected Credentials
Dec 12, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-26866 HIGH
Apache HugeGraph < 1.7.0 - Remote Code Execution via Hessian Deserialization
Dec 12, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-23408 MEDIUM
Apache Fineract <1.10.1 - Info Disclosure
Dec 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66675 HIGH
Apache Struts 2.0.0-6.7.4, 7.0.0-7.0.3 - Denial of Service via Multipart Request File Leak
Dec 10, 2025
CVSS 8.2
EPSS 0.01
CVE-2025-58098 HIGH
Apache HTTP Server <2.4.66 - Command Injection
Dec 05, 2025
CVSS 8.3
EPSS 0.02
CVE-2025-66200 MEDIUM
Apache HTTP Server <2.4.66 - Auth Bypass
Dec 05, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-65082 MEDIUM
Apache HTTP Server 2.4.0-2.4.65 - Environment Variable Injection via CGI Configuration
Dec 05, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-59775 HIGH
Apache HTTP Server 2.4.0-2.4.65 - Server-Side Request Forgery via AllowEncodedSlashes and MergeSlashes Configuration
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-55753 HIGH
Apache HTTP Server 2.4.30-2.4.65 - Integer Overflow in ACME Certificate Renewal Backoff Timer
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66516 HIGH NUCLEI
Apache Tika 1.13-3.2.1 and tika-parsers 1.13-1.28.5 - XML External Entity Injection via Crafted XFA in PDF
Dec 04, 2025
CVSS 8.4
EPSS 0.80
CVE-2025-64775 HIGH
Apache Struts 2.0.0-6.7.0 and 7.0.0-7.0.3 - Denial of Service via Multipart Request Processing
Dec 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59789 HIGH
Apache bRPC < 1.15.0 - Denial of Service via Deep Recursive JSON Data in json2pb Component
Dec 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59792 MEDIUM
Apache Kvrocks 1.0.0-2.13.0 - Cleartext Storage of Sensitive Information in MONITOR Command
Nov 28, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59790 MEDIUM
Apache Kvrocks 2.9.0-2.13.0 - Improper Privilege Management
Nov 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59454 MEDIUM
Apache CloudStack 4.0.0-4.20.1.9 - Authenticated Exposure of Sensitive Information via API Permission Bypass
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59302 MEDIUM
Apache CloudStack 4.18.0-4.20.1 and 4.21.0-4.21.9 - Authenticated Code Injection via Admin APIs
Nov 27, 2025
CVSS 4.7
EPSS 0.00