apache
3,084 tracked vulnerabilities.
CVE-2025-47411
HIGH
Apache StreamPipes <= 0.97.0 - Privilege Escalation via JWT Token Manipulation
Jan 01, 2026
CVSS 8.1
EPSS 0.15
CVE-2025-66524
HIGH
Apache NiFi <2.6.0 - Deserialization
Dec 19, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-68161
MEDIUM
Apache Log4j Core <2.25.2 - SSL Verification Bypass
Dec 18, 2025
CVSS 4.8
EPSS 0.01
CVE-2025-67895
CRITICAL
Apache Airflow Providers Edge3 < 2.0.0 - Remote Code Execution via Edge3 Worker RPC
Dec 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-66388
MEDIUM
Apache Airflow <3.1.4 - Info Disclosure
Dec 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53960
MEDIUM
Apache StreamPark <2.1.7 - Privilege Escalation
Dec 12, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-54981
HIGH
Apache StreamPark 2.0.0-2.1.6 - Weak Encryption Algorithm via AES-ECB Mode
Dec 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54947
CRITICAL
Apache StreamPark 2.0.0-2.1.7 - Use of Hard-coded Cryptographic Key
Dec 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-58137
HIGH
Apache Fineract <= 1.11.0 - Authorization Bypass Through User-Controlled Key
Dec 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58130
CRITICAL
Apache Fineract <= 1.11.0 - Insufficiently Protected Credentials
Dec 12, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-26866
HIGH
Apache HugeGraph < 1.7.0 - Remote Code Execution via Hessian Deserialization
Dec 12, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-23408
MEDIUM
Apache Fineract <1.10.1 - Info Disclosure
Dec 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66675
HIGH
Apache Struts 2.0.0-6.7.4, 7.0.0-7.0.3 - Denial of Service via Multipart Request File Leak
Dec 10, 2025
CVSS 8.2
EPSS 0.01
CVE-2025-58098
HIGH
Apache HTTP Server <2.4.66 - Command Injection
Dec 05, 2025
CVSS 8.3
EPSS 0.02
CVE-2025-66200
MEDIUM
Apache HTTP Server <2.4.66 - Auth Bypass
Dec 05, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-65082
MEDIUM
Apache HTTP Server 2.4.0-2.4.65 - Environment Variable Injection via CGI Configuration
Dec 05, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-59775
HIGH
Apache HTTP Server 2.4.0-2.4.65 - Server-Side Request Forgery via AllowEncodedSlashes and MergeSlashes Configuration
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-55753
HIGH
Apache HTTP Server 2.4.30-2.4.65 - Integer Overflow in ACME Certificate Renewal Backoff Timer
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66516
HIGH
NUCLEI
Apache Tika 1.13-3.2.1 and tika-parsers 1.13-1.28.5 - XML External Entity Injection via Crafted XFA in PDF
Dec 04, 2025
CVSS 8.4
EPSS 0.80
CVE-2025-64775
HIGH
Apache Struts 2.0.0-6.7.0 and 7.0.0-7.0.3 - Denial of Service via Multipart Request Processing
Dec 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59789
HIGH
Apache bRPC < 1.15.0 - Denial of Service via Deep Recursive JSON Data in json2pb Component
Dec 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59792
MEDIUM
Apache Kvrocks 1.0.0-2.13.0 - Cleartext Storage of Sensitive Information in MONITOR Command
Nov 28, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59790
MEDIUM
Apache Kvrocks 2.9.0-2.13.0 - Improper Privilege Management
Nov 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59454
MEDIUM
Apache CloudStack 4.0.0-4.20.1.9 - Authenticated Exposure of Sensitive Information via API Permission Bypass
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59302
MEDIUM
Apache CloudStack 4.18.0-4.20.1 and 4.21.0-4.21.9 - Authenticated Code Injection via Admin APIs
Nov 27, 2025
CVSS 4.7
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters