apache
3,084 tracked vulnerabilities.
CVE-2025-54057
MEDIUM
Apache SkyWalking <= 10.2.0 - Cross-Site Scripting
Nov 27, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-62728
MEDIUM
Apache Hive 4.1.0-4.1.9 - Authenticated SQL Injection via Thrift API Delete Column Statistics Request
Nov 26, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59390
CRITICAL
Apache Druid <= 34.0.0 - Weak Cookie Signature Secret via ThreadLocalRandom
Nov 26, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-65998
HIGH
Apache Syncope 2.1.0-2.1.13 and 4.0.0-4.0.2 - Use of Hard-coded Cryptographic Key
Nov 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64408
MEDIUM
Apache Causeway < 3.5.0 - Authenticated Remote Code Execution via URL Parameter Deserialization
Nov 19, 2025
CVSS 6.3
EPSS 0.09
CVE-2025-64407
MEDIUM
Apache OpenOffice <= 4.1.15 - Information Disclosure via External Link URI Scheme
Nov 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61623
MEDIUM
Apache OFBiz < 24.09.03 - Reflected Cross-Site Scripting
Nov 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-59118
HIGH
Apache OFBiz < 24.09.03 - Unrestricted Upload of File with Dangerous Type
Nov 12, 2025
CVSS 7.3
EPSS 0.02
CVE-2025-64406
MEDIUM
Apache OpenOffice <= 4.1.15 - Out-of-bounds Write
Nov 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64405
HIGH
Apache OpenOffice <= 4.1.15 - Unauthenticated External Link Loading via DDE Links
Nov 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64404
HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64403
HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Data Source Links
Nov 12, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-64402
MEDIUM
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-64401
HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-58337
MEDIUM
Doris MCP Server <0.6.0 - Auth Bypass
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62232
HIGH
Apache APISIX < 3.14.0 - Sensitive Data Exposure via Basic-Auth Logging
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62503
MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-62402
MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
Oct 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54941
MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-61795
MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.109, 10.1.0.M1-10.1.46, 11.0.0-M1-11.0.11 - DoS via Uncleaned Multipart Upload
Oct 27, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-55754
CRITICAL
Apache Tomcat 11.0.0-M1-11.0.10, 10.1.0-M1-10.1.44, 9.0.40-9.0.108 - ANSI Escape Sequence Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.10
CVE-2025-55752
HIGH
Apache Tomcat 8.5.6-8.5.100, 9.0.0.M11-9.0.108, 10.1.0-M1-10.1.44, 11.0.0-M1-11.0.10 - RCE via URI Rewrite Bypass
Oct 27, 2025
CVSS 7.5
EPSS 0.67
CVE-2025-58712
MEDIUM
Apache ActiveMQ Artemis - Container Privilege Escalation via Group-Writable /etc/passwd
Oct 22, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-57738
HIGH
Apache Syncope 2.1.0-3.0.13 - Authenticated Remote Code Execution via Groovy Class Injection
Oct 20, 2025
CVSS 7.2
EPSS 0.23
CVE-2025-47410
HIGH
Apache Geode 1.10.0-1.15.1 - Cross-Site Request Forgery via Management and Monitoring REST API
Oct 18, 2025
CVSS 8.8
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters