apache

3,084 tracked vulnerabilities.

CVE-2025-55673 MEDIUM
Apache Superset <4.1.3 - Info Disclosure
Aug 14, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-55672 MEDIUM
Apache Superset < 5.0.0 - Authenticated Stored Cross-Site Scripting in Chart Column Label
Aug 14, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-54472 HIGH
Apache bRPC < 1.14.1 - Denial of Service via Redis Protocol Parser Memory Allocation
Aug 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-55668 MEDIUM
Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation
Aug 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48989 HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.04
CVE-2025-53606 CRITICAL
Apache Seata <2.5.0 - Deserialization
Aug 08, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48913 CRITICAL
Apache CXF < 3.6.8 - Remote Code Execution via JMS Configuration
Aug 08, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-24854 MEDIUM
Apache JSPWiki < 2.12.3 - Cross-Site Scripting via Image Plugin
Jul 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-24853 HIGH
Apache JSPWiki < 2.12.3 - Stored Cross-Site Scripting via Wiki Markup Header Link
Jul 31, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-54656 MEDIUM
Apache Struts Extras <2 - Info Disclosure
Jul 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-54090 MEDIUM
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 23, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-50151 HIGH
Apache Jena <5.4.0 - Info Disclosure
Jul 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-49656 HIGH
Apache Jena < 5.5.0 - Authenticated Path Traversal via Database File Creation
Jul 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48795 MEDIUM
Apache CXF < 3.5.11, 3.6.6, 4.0.7, 4.1.1 - Denial of Service via Temporary File Logging
Jul 15, 2025
CVSS 5.6
EPSS 0.01
CVE-2025-53689 HIGH
Apache Jackrabbit <2.23.2 - Blind XXE
Jul 14, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-48924 MEDIUM
Apache Commons Lang <3.18.0 - Uncontrolled Recursion
Jul 11, 2025
CVSS 5.3
EPSS 0.02
CVE-2025-53506 HIGH
Apache Tomcat <11.0.9, <10.1.43, <9.0.107 - Uncontrolled Resource C...
Jul 10, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-52520 HIGH
Apache Tomcat 9.0.0-9.0.106, 10.1.0-M1-10.1.42, 11.0.0-M1-11.0.8 DoS via Multipart Upload Integer Overflow
Jul 10, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-52434 HIGH
Apache Tomcat 9.0.0-9.0.106 - Race Condition in APR/Native Connector
Jul 10, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-53020 HIGH
Apache HTTP Server 2.4.17-2.4.63 - Use-After-Free
Jul 10, 2025
CVSS 7.5
EPSS 0.04
CVE-2025-49812 HIGH
Apache HTTP Server < 2.4.64 - HTTP Session Hijacking via TLS Upgrade Desynchronization
Jul 10, 2025
CVSS 7.4
EPSS 0.01
CVE-2025-49630 HIGH
Apache HTTP Server 2.4.26-2.4.63 - Denial of Service via mod_proxy_http2 Assertion
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-23048 CRITICAL
Apache HTTP Server 2.4.35-2.4.63 - Access Control Bypass via TLS 1.3 Session Resumption
Jul 10, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-27446 HIGH
Apache APISIX(java-plugin-runner) - Privilege Escalation
Jul 06, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-46647 MEDIUM
Apache APISIX < 3.12.0 - Authentication Bypass in OpenID-Connect Plugin via Issuer Confusion
Jul 02, 2025
CVSS 5.3
EPSS 0.00