apache
3,084 tracked vulnerabilities.
CVE-2025-32897
CRITICAL
Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode
Jun 28, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-50213
CRITICAL
Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection
Jun 24, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-32896
MEDIUM
Apache SeaTunnel <= 2.3.10 - Unauthenticated Arbitrary File Read and Deserialization via Hazelcast REST API
Jun 19, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-49763
HIGH
Apache Traffic Server 9.0.0-9.2.10 and 10.0.0-10.0.5 - Uncontrolled Resource Consumption in ESI Plugin
Jun 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31698
HIGH
Apache Traffic Server <9.2.10, <10.0.6 - Info Disclosure
Jun 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49125
HIGH
Apache Tomcat 9.0.0-9.0.105, 10.1.0-M1-10.1.41, 11.0.0-M1-11.0.7 - Authentication Bypass
Jun 16, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-49124
HIGH
Apache Tomcat 9.0.23-9.0.105, 10.1.0-10.1.41, 11.0.0-M1-11.0.7 - Untrusted Search Path via icacls.exe
Jun 16, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-48988
HIGH
Apache Tomcat - Allocation of Resources Without Limits or Throttling
Jun 16, 2025
CVSS 7.5
EPSS 0.55
CVE-2025-48976
HIGH
Apache Commons FileUpload <1.6-2.0.0-M4 - DoS
Jun 16, 2025
CVSS 7.5
EPSS 0.65
CVE-2025-47869
CRITICAL
Apache NuttX RTOS 6.22-12.9.0 - Buffer Overflow in XMLRPC Example Application
Jun 16, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-47868
CRITICAL
Apache NuttX 6.9-12.9.0 - Heap-based Buffer Overflow in BDF-Converter Font Utility
Jun 16, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-30675
MEDIUM
Apache CloudStack 4.0.0-4.19.2.0 - Unauthorized Information Disclosure via listTemplates and listIsos APIs
Jun 11, 2025
CVSS 4.7
EPSS 0.01
CVE-2025-47849
HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin API Key Theft
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-47713
HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin Password Reset
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-26521
HIGH
Apache CloudStack 4.17.0.0-4.19.2.0 - Exposure of Sensitive Information via CKS Kubernetes Cluster Secret Config
Jun 10, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-22829
MEDIUM
Apache CloudStack 4.20.0.0 - Authenticated Privilege Escalation via Quota Plugin
Jun 10, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-27819
HIGH
Apache Kafka 2.0.0-3.3.2 and 3.4.0 - Remote Code Execution via SASL JAAS JndiLoginModule Configuration
Jun 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27818
HIGH
Apache Kafka 2.3.0-3.9.0 - Authenticated Remote Code Execution via SASL JAAS LDAP Deserialization
Jun 10, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-27817
HIGH
NUCLEI
Apache Kafka Client - Arbitrary File Read
Jun 10, 2025
CVSS 7.5
EPSS 0.62
CVE-2025-27531
CRITICAL
Apache InLong <2.1.0 - Deserialization
Jun 06, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-46548
MEDIUM
Pekko Management <1.1.1 - Auth Bypass
Jun 03, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48912
MEDIUM
Apache Superset <4.1.2 - Privilege Escalation
May 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-46701
HIGH
Apache Tomcat <11.0.6 - Security Constraint Bypass
May 29, 2025
CVSS 7.3
EPSS 0.03
CVE-2025-48734
HIGH
Apache Commons <2.0.0 - Info Disclosure
May 28, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-27528
CRITICAL
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 9.1
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters