apache
3,082 tracked vulnerabilities.
CVE-2026-47897
HIGH
Apache Lucene.Net: Arbitrary file write from malicious server to Lucene.Net.Replicator client
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54428
HIGH
Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK
Jul 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54399
HIGH
Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration
Jul 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-54475
HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53917
HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53916
HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-52760
MEDIUM
Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console
Jun 30, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-50750
HIGH
Apache ActiveMQ 5.19.7 and 6.2.6 - Unauthenticated OpenWire Denial of Service
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50734
HIGH
Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49877
HIGH
Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console
Jun 30, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-49434
HIGH
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49432
HIGH
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service
Jun 30, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-55957
HIGH
Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind
Jun 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-55956
MEDIUM
Apache Tomcat: Security constraints for default servlet ignored method
Jun 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-55955
MEDIUM
Apache Tomcat: EncryptInterceptor not protected against replay attacks
Jun 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-55276
CRITICAL
Apache Tomcat: Logged effective web.xml is incomplete
Jun 29, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-53434
CRITICAL
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Jun 29, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-53404
HIGH
Apache Tomcat: Bad ornext processing in RewriteValve
Jun 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-50229
MEDIUM
Apache Tomcat: XSS in number guess example
Jun 29, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-49486
HIGH
Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)
Jun 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-54665
MEDIUM
Apache NiFi: Missing Validation for Proxy Host Headers
Jun 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44914
HIGH
Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents
Jun 22, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44913
HIGH
Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL
Jun 22, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44911
MEDIUM
Apache NiFi: Incorrect Authorization for Configuration Verification Requests
Jun 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-49872
HIGH
Apache APISIX: Improper authentication in cas-auth plugin
Jun 19, 2026
CVSS 8.1
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters