apache

3,084 tracked vulnerabilities.

CVE-2025-54057 MEDIUM
Apache SkyWalking <= 10.2.0 - Cross-Site Scripting
Nov 27, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-62728 MEDIUM
Apache Hive 4.1.0-4.1.9 - Authenticated SQL Injection via Thrift API Delete Column Statistics Request
Nov 26, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59390 CRITICAL
Apache Druid <= 34.0.0 - Weak Cookie Signature Secret via ThreadLocalRandom
Nov 26, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-65998 HIGH
Apache Syncope 2.1.0-2.1.13 and 4.0.0-4.0.2 - Use of Hard-coded Cryptographic Key
Nov 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64408 MEDIUM
Apache Causeway < 3.5.0 - Authenticated Remote Code Execution via URL Parameter Deserialization
Nov 19, 2025
CVSS 6.3
EPSS 0.09
CVE-2025-64407 MEDIUM
Apache OpenOffice <= 4.1.15 - Information Disclosure via External Link URI Scheme
Nov 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61623 MEDIUM
Apache OFBiz < 24.09.03 - Reflected Cross-Site Scripting
Nov 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-59118 HIGH
Apache OFBiz < 24.09.03 - Unrestricted Upload of File with Dangerous Type
Nov 12, 2025
CVSS 7.3
EPSS 0.02
CVE-2025-64406 MEDIUM
Apache OpenOffice <= 4.1.15 - Out-of-bounds Write
Nov 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64405 HIGH
Apache OpenOffice <= 4.1.15 - Unauthenticated External Link Loading via DDE Links
Nov 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64404 HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64403 HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Data Source Links
Nov 12, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-64402 MEDIUM
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-64401 HIGH
Apache OpenOffice <= 4.1.15 - Missing Authorization for External Link Loading
Nov 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-58337 MEDIUM
Doris MCP Server <0.6.0 - Auth Bypass
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62232 HIGH
Apache APISIX < 3.14.0 - Sensitive Data Exposure via Basic-Auth Logging
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62503 MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-62402 MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
Oct 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54941 MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-61795 MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.109, 10.1.0.M1-10.1.46, 11.0.0-M1-11.0.11 - DoS via Uncleaned Multipart Upload
Oct 27, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-55754 CRITICAL
Apache Tomcat 11.0.0-M1-11.0.10, 10.1.0-M1-10.1.44, 9.0.40-9.0.108 - ANSI Escape Sequence Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.10
CVE-2025-55752 HIGH
Apache Tomcat 8.5.6-8.5.100, 9.0.0.M11-9.0.108, 10.1.0-M1-10.1.44, 11.0.0-M1-11.0.10 - RCE via URI Rewrite Bypass
Oct 27, 2025
CVSS 7.5
EPSS 0.67
CVE-2025-58712 MEDIUM
Apache ActiveMQ Artemis - Container Privilege Escalation via Group-Writable /etc/passwd
Oct 22, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-57738 HIGH
Apache Syncope 2.1.0-3.0.13 - Authenticated Remote Code Execution via Groovy Class Injection
Oct 20, 2025
CVSS 7.2
EPSS 0.23
CVE-2025-47410 HIGH
Apache Geode 1.10.0-1.15.1 - Cross-Site Request Forgery via Management and Monitoring REST API
Oct 18, 2025
CVSS 8.8
EPSS 0.00