apache
3,084 tracked vulnerabilities.
CVE-2025-55673
MEDIUM
Apache Superset <4.1.3 - Info Disclosure
Aug 14, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-55672
MEDIUM
Apache Superset < 5.0.0 - Authenticated Stored Cross-Site Scripting in Chart Column Label
Aug 14, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-54472
HIGH
Apache bRPC < 1.14.1 - Denial of Service via Redis Protocol Parser Memory Allocation
Aug 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-55668
MEDIUM
Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation
Aug 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48989
HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.04
CVE-2025-53606
CRITICAL
Apache Seata <2.5.0 - Deserialization
Aug 08, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48913
CRITICAL
Apache CXF < 3.6.8 - Remote Code Execution via JMS Configuration
Aug 08, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-24854
MEDIUM
Apache JSPWiki < 2.12.3 - Cross-Site Scripting via Image Plugin
Jul 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-24853
HIGH
Apache JSPWiki < 2.12.3 - Stored Cross-Site Scripting via Wiki Markup Header Link
Jul 31, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-54656
MEDIUM
Apache Struts Extras <2 - Info Disclosure
Jul 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-54090
MEDIUM
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 23, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-50151
HIGH
Apache Jena <5.4.0 - Info Disclosure
Jul 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-49656
HIGH
Apache Jena < 5.5.0 - Authenticated Path Traversal via Database File Creation
Jul 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48795
MEDIUM
Apache CXF < 3.5.11, 3.6.6, 4.0.7, 4.1.1 - Denial of Service via Temporary File Logging
Jul 15, 2025
CVSS 5.6
EPSS 0.01
CVE-2025-53689
HIGH
Apache Jackrabbit <2.23.2 - Blind XXE
Jul 14, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-48924
MEDIUM
Apache Commons Lang <3.18.0 - Uncontrolled Recursion
Jul 11, 2025
CVSS 5.3
EPSS 0.02
CVE-2025-53506
HIGH
Apache Tomcat <11.0.9, <10.1.43, <9.0.107 - Uncontrolled Resource C...
Jul 10, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-52520
HIGH
Apache Tomcat 9.0.0-9.0.106, 10.1.0-M1-10.1.42, 11.0.0-M1-11.0.8 DoS via Multipart Upload Integer Overflow
Jul 10, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-52434
HIGH
Apache Tomcat 9.0.0-9.0.106 - Race Condition in APR/Native Connector
Jul 10, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-53020
HIGH
Apache HTTP Server 2.4.17-2.4.63 - Use-After-Free
Jul 10, 2025
CVSS 7.5
EPSS 0.04
CVE-2025-49812
HIGH
Apache HTTP Server < 2.4.64 - HTTP Session Hijacking via TLS Upgrade Desynchronization
Jul 10, 2025
CVSS 7.4
EPSS 0.01
CVE-2025-49630
HIGH
Apache HTTP Server 2.4.26-2.4.63 - Denial of Service via mod_proxy_http2 Assertion
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-23048
CRITICAL
Apache HTTP Server 2.4.35-2.4.63 - Access Control Bypass via TLS 1.3 Session Resumption
Jul 10, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-27446
HIGH
Apache APISIX(java-plugin-runner) - Privilege Escalation
Jul 06, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-46647
MEDIUM
Apache APISIX < 3.12.0 - Authentication Bypass in OpenID-Connect Plugin via Issuer Confusion
Jul 02, 2025
CVSS 5.3
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters