apache

3,084 tracked vulnerabilities.

CVE-2025-32897 CRITICAL
Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode
Jun 28, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-50213 CRITICAL
Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection
Jun 24, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-32896 MEDIUM
Apache SeaTunnel <= 2.3.10 - Unauthenticated Arbitrary File Read and Deserialization via Hazelcast REST API
Jun 19, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-49763 HIGH
Apache Traffic Server 9.0.0-9.2.10 and 10.0.0-10.0.5 - Uncontrolled Resource Consumption in ESI Plugin
Jun 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31698 HIGH
Apache Traffic Server <9.2.10, <10.0.6 - Info Disclosure
Jun 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49125 HIGH
Apache Tomcat 9.0.0-9.0.105, 10.1.0-M1-10.1.41, 11.0.0-M1-11.0.7 - Authentication Bypass
Jun 16, 2025
CVSS 7.5
EPSS 0.03
CVE-2025-49124 HIGH
Apache Tomcat 9.0.23-9.0.105, 10.1.0-10.1.41, 11.0.0-M1-11.0.7 - Untrusted Search Path via icacls.exe
Jun 16, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-48988 HIGH
Apache Tomcat - Allocation of Resources Without Limits or Throttling
Jun 16, 2025
CVSS 7.5
EPSS 0.55
CVE-2025-48976 HIGH
Apache Commons FileUpload <1.6-2.0.0-M4 - DoS
Jun 16, 2025
CVSS 7.5
EPSS 0.65
CVE-2025-47869 CRITICAL
Apache NuttX RTOS 6.22-12.9.0 - Buffer Overflow in XMLRPC Example Application
Jun 16, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-47868 CRITICAL
Apache NuttX 6.9-12.9.0 - Heap-based Buffer Overflow in BDF-Converter Font Utility
Jun 16, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-30675 MEDIUM
Apache CloudStack 4.0.0-4.19.2.0 - Unauthorized Information Disclosure via listTemplates and listIsos APIs
Jun 11, 2025
CVSS 4.7
EPSS 0.01
CVE-2025-47849 HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin API Key Theft
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-47713 HIGH
Apache CloudStack 4.10.0.0-4.20.0.0 - Privilege Escalation via Domain Admin Password Reset
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-26521 HIGH
Apache CloudStack 4.17.0.0-4.19.2.0 - Exposure of Sensitive Information via CKS Kubernetes Cluster Secret Config
Jun 10, 2025
CVSS 8.1
EPSS 0.01
CVE-2025-22829 MEDIUM
Apache CloudStack 4.20.0.0 - Authenticated Privilege Escalation via Quota Plugin
Jun 10, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-27819 HIGH
Apache Kafka 2.0.0-3.3.2 and 3.4.0 - Remote Code Execution via SASL JAAS JndiLoginModule Configuration
Jun 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27818 HIGH
Apache Kafka 2.3.0-3.9.0 - Authenticated Remote Code Execution via SASL JAAS LDAP Deserialization
Jun 10, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-27817 HIGH NUCLEI
Apache Kafka Client - Arbitrary File Read
Jun 10, 2025
CVSS 7.5
EPSS 0.62
CVE-2025-27531 CRITICAL
Apache InLong <2.1.0 - Deserialization
Jun 06, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-46548 MEDIUM
Pekko Management <1.1.1 - Auth Bypass
Jun 03, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48912 MEDIUM
Apache Superset <4.1.2 - Privilege Escalation
May 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-46701 HIGH
Apache Tomcat <11.0.6 - Security Constraint Bypass
May 29, 2025
CVSS 7.3
EPSS 0.03
CVE-2025-48734 HIGH
Apache Commons <2.0.0 - Info Disclosure
May 28, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-27528 CRITICAL
Apache InLong <2.2.0 - Deserialization
May 28, 2025
CVSS 9.1
EPSS 0.01