apache

3,082 tracked vulnerabilities.

CVE-2026-48205 CRITICAL
Apache Camel DNS - Server-Side Request Forgery via DNS Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48204 CRITICAL
Apache Camel MongoDB GridFS - GridFS Operation Override
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48203 CRITICAL
Apache Camel Solr - Server-Side Request Forgery via SolrParam Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-46726 HIGH
Apache Camel Vertx Websocket - Server-Side Request Forgery via Query Parameters
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-46592 HIGH
Apache Camel CXF - SOAP Operation Redirection via Headers
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46591 HIGH
Apache Camel Neo4j - Cypher Injection via JSON Property Names
Jul 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-46590 HIGH
Apache Camel PQC - Key Metadata Deserialization
Jul 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-46585 HIGH
Apache Camel Lucene 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46584 LOW
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
Jul 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-46457 HIGH
Apache Camel NATS - Camel Control Header Injection
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46456 CRITICAL
Apache Camel AWS2-SQS - Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46455 CRITICAL
Apache Camel Keycloak - Expired Token Acceptance
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46454 CRITICAL
Apache Camel CometD - Unauthenticated Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46453 MEDIUM
Apache Camel 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43867 CRITICAL
Apache Camel PQC - AWS Secrets Manager Metadata Deserialization
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-43866 HIGH
Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Jul 06, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-43865 HIGH
Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42527 HIGH
Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-40859 HIGH
Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-40047 CRITICAL
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
Jul 06, 2026
CVSS 9.1
EPSS 0.02
CVE-2026-24014 CRITICAL
Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24013 CRITICAL
Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24012 HIGH
Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47896 HIGH
Apache Lucene.Net: Unauthenticated arbitrary file read on the Lucene.Net.Replicator replication server
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47898 CRITICAL
Apache Lucene.Net Analysis.Common PatternParser - XML External Entity Injection
Jul 03, 2026
CVSS 9.8
EPSS 0.00