apache

3,082 tracked vulnerabilities.

CVE-2026-47897 HIGH
Apache Lucene.Net: Arbitrary file write from malicious server to Lucene.Net.Replicator client
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54428 HIGH
Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK
Jul 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54399 HIGH
Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration
Jul 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54475 HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53917 HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53916 HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-52760 MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console
Jun 30, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-50750 HIGH
Apache ActiveMQ 5.19.7 and 6.2.6 - Unauthenticated OpenWire Denial of Service
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50734 HIGH
Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49877 HIGH
Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
Jun 30, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-49434 HIGH
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49432 HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-55957 HIGH
Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind
Jun 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-55956 MEDIUM
Apache Tomcat: Security constraints for default servlet ignored method
Jun 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-55955 MEDIUM
Apache Tomcat: EncryptInterceptor not protected against replay attacks
Jun 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-55276 CRITICAL
Apache Tomcat: Logged effective web.xml is incomplete
Jun 29, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-53434 CRITICAL
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Jun 29, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-53404 HIGH
Apache Tomcat: Bad ornext processing in RewriteValve
Jun 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-50229 MEDIUM
Apache Tomcat: XSS in number guess example
Jun 29, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-49486 HIGH
Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)
Jun 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-54665 MEDIUM
Apache NiFi: Missing Validation for Proxy Host Headers
Jun 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44914 HIGH
Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents
Jun 22, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44913 HIGH
Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL
Jun 22, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44911 MEDIUM
Apache NiFi: Incorrect Authorization for Configuration Verification Requests
Jun 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-49872 HIGH
Apache APISIX: Improper authentication in cas-auth plugin
Jun 19, 2026
CVSS 8.1
EPSS 0.00