apache
2,899 tracked vulnerabilities.
CVE-2026-33006
MEDIUM
Apache HTTP Server: mod_auth_digest timing attack
May 04, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-29169
HIGH
Apache HTTP Server: mod_dav_lock indirect lock crash
May 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-23918
HIGH
Apache HTTP Server: http2: double free and possible RCE on early reset
May 04, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34032
MEDIUM
Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33857
MEDIUM
Apache HTTP Server: Off-by-one OOB reads in AJP getter functions
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34059
HIGH
Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
May 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24072
HIGH
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
May 04, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-42779
CRITICAL
Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)
May 01, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-42778
CRITICAL
Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)
May 01, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-42404
MEDIUM
Apache Neethi: Unrestricted HTTP Redirect Following in Policy References
May 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42403
HIGH
Apache Neethi: Circular Policy Reference Infinite Loop
May 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42402
HIGH
Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
May 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41016
MEDIUM
Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider
Apr 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41873
CRITICAL
Pony Mail: Admin account takeover via request smuggling
Apr 28, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-41636
HIGH
Apache Thrift: Node.js skip() recursion
Apr 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41607
MEDIUM
Apache Thrift: C++ JSON OOB read
Apr 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41606
MEDIUM
Apache Thrift: c_glib dispatch stack overflow
Apr 28, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41605
HIGH
Apache Thrift: Swift Compact Protocol integer overflow
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-41604
HIGH
Apache Thrift: Swift Range crash in skip()
Apr 28, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-41603
HIGH
Apache Thrift: Java TSSLTransportFactory hostname verification
Apr 28, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-41602
HIGH
Apache Thrift: Go TFramedTransport uint32 overflow
Apr 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41081
MEDIUM
Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Apr 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40557
MEDIUM
Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Apr 27, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33453
CRITICAL
NUCLEI
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
Apr 27, 2026
CVSS 10.0
EPSS 0.06
CVE-2026-27172
HIGH
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
Apr 27, 2026
CVSS 8.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20