apache

3,084 tracked vulnerabilities.

CVE-2025-27427 MEDIUM
Apache ActiveMQ Artemis - Privilege Escalation
Apr 01, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-30067 HIGH
Apache Kylin <5.0.1 - Code Injection
Mar 27, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-30474 MEDIUM
Apache Commons VFS <2.10.0 - Info Disclosure
Mar 23, 2025
CVSS 5.0
EPSS 0.01
CVE-2025-27553 HIGH
Apache Commons VFS < 2.10.0 - Relative Path Traversal via Encoded Dot-Dot-Slash Sequences
Mar 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26796 MEDIUM
Apache Oozie - Cross-Site Scripting
Mar 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-27888 MEDIUM NUCLEI
Apache Druid - Server-Side Request Forgery
Mar 20, 2025
CVSS 5.4
EPSS 0.02
CVE-2025-27018 MEDIUM
Apache Airflow MySQL Provider <6.2.0 - SQL Injection
Mar 19, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-27017 MEDIUM
Apache NiFi <2.3.0 - Info Disclosure
Mar 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-27867 MEDIUM
Apache Felix HTTP Webconsole Plugin 1.X-1.2.0 - Cross-Site Scripting
Mar 12, 2025
CVSS 5.6
EPSS 0.01
CVE-2025-29891 MEDIUM
Apache Camel <4.10.2-<4.8.5-<3.22.4 - Command Injection
Mar 12, 2025
CVSS 4.8
EPSS 0.72
CVE-2025-24813 CRITICAL KEVNUCLEI
Tomcat Partial PUT Java Deserialization
Mar 10, 2025
CVSS 9.8
EPSS 1.00
CVE-2025-26865 LOW
Apache OFBiz <18.12.18 - Info Disclosure
Mar 10, 2025
CVSS 3.5
EPSS 0.01
CVE-2025-27636 MEDIUM
Apache Camel <4.10.2 - Command Injection
Mar 09, 2025
CVSS 5.6
EPSS 0.80
CVE-2025-25247 MEDIUM
Apache Felix Webconsole <4.9.8-5.0.8 - XSS
Feb 10, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-25069 MEDIUM
Apache Kvrocks < 2.11.1 - Cross-Protocol Scripting via RESP Request Misinterpretation
Feb 07, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-24860 MEDIUM
Apache Cassandra <4.0.15, <4.1.7 - Auth Bypass
Feb 04, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-23015 HIGH
Apache Cassandra <4.1.8 - Privilege Escalation
Feb 04, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-24783 HIGH
Apache Cocoon - Insecure Continuation ID Generation via Predictable PRNG Seed
Jan 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24814 MEDIUM
Apache Solr < 9.8.0 - Unauthenticated Privilege Escalation via Configset File Replacement
Jan 27, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-23196 HIGH
Apache Ambari < 2.7.9 - Authenticated Remote Code Execution via Alert Script Filename
Jan 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-23195 HIGH
Apache Ambari < 2.7.9 - XML External Entity Injection via DocumentBuilderFactory
Jan 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-23184 MEDIUM
Apache CXF < 3.5.10, 3.6.5, 4.0.6 - Denial of Service via Unclosed CachedOutputStream
Jan 21, 2025
CVSS 5.9
EPSS 0.02
CVE-2025-22828 MEDIUM
Apache CloudStack >= 4.16.0.0 - Authenticated Exposure of Sensitive Information via Annotations API
Jan 13, 2025
CVSS 4.3
EPSS 0.02
CVE-2024-56373 HIGH
Airflow 2 - Privilege Escalation to RCE
Feb 24, 2026
CVSS 8.4
EPSS 0.01
CVE-2024-44088 MEDIUM
Apache Geode < 1.15.2 - Stored Cross-Site Scripting via REST Web API
Oct 14, 2025
CVSS 6.1
EPSS 0.01