apache
3,082 tracked vulnerabilities.
CVE-2026-48205
CRITICAL
Apache Camel DNS - Server-Side Request Forgery via DNS Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48204
CRITICAL
Apache Camel MongoDB GridFS - GridFS Operation Override
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48203
CRITICAL
Apache Camel Solr - Server-Side Request Forgery via SolrParam Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-46726
HIGH
Apache Camel Vertx Websocket - Server-Side Request Forgery via Query Parameters
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-46592
HIGH
Apache Camel CXF - SOAP Operation Redirection via Headers
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46591
HIGH
Apache Camel Neo4j - Cypher Injection via JSON Property Names
Jul 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-46590
HIGH
Apache Camel PQC - Key Metadata Deserialization
Jul 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-46585
HIGH
Apache Camel Lucene 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46584
LOW
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
Jul 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-46457
HIGH
Apache Camel NATS - Camel Control Header Injection
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46456
CRITICAL
Apache Camel AWS2-SQS - Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46455
CRITICAL
Apache Camel Keycloak - Expired Token Acceptance
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46454
CRITICAL
Apache Camel CometD - Unauthenticated Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46453
MEDIUM
Apache Camel 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43867
CRITICAL
Apache Camel PQC - AWS Secrets Manager Metadata Deserialization
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-43866
HIGH
Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Jul 06, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-43865
HIGH
Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42527
HIGH
Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-40859
HIGH
Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled
Jul 06, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-40047
CRITICAL
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
Jul 06, 2026
CVSS 9.1
EPSS 0.02
CVE-2026-24014
CRITICAL
Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-24013
CRITICAL
Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24012
HIGH
Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47896
HIGH
Apache Lucene.Net: Unauthenticated arbitrary file read on the Lucene.Net.Replicator replication server
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-47898
CRITICAL
Apache Lucene.Net Analysis.Common PatternParser - XML External Entity Injection
Jul 03, 2026
CVSS 9.8
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters