Apache

2,725 tracked vulnerabilities.

CVE-2025-54981 HIGH
Apache Streampark < 2.1.7 - Broken Cryptographic Algorithm
Dec 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54947 CRITICAL
Apache Streampark < 2.1.7 - Information Disclosure
Dec 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-58137 HIGH
Apache Fineract < 1.12.1 - IDOR
Dec 12, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-58130 CRITICAL
Apache Fineract < 1.12.1 - Insufficiently Protected Credentials
Dec 12, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-26866 HIGH
Apache Hugegraph < 1.7.0 - Insecure Deserialization
Dec 12, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-23408 MEDIUM
Apache Fineract <1.10.1 - Info Disclosure
Dec 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66675 HIGH
Apache Struts <6.7.4, <7.0.3 - DoS
Dec 10, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-58098 HIGH
Apache HTTP Server <2.4.66 - Command Injection
Dec 05, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-66200 MEDIUM
Apache HTTP Server <2.4.66 - Auth Bypass
Dec 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-65082 MEDIUM
Apache HTTP Server <2.4.66 - XSS
Dec 05, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59775 HIGH
Apache HTTP Server < 2.4.66 - SSRF
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55753 HIGH
Apache HTTP Server <2.4.66 - DoS
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66516 HIGHNUCLEI
Apache Tika <3.2.1 - XXE
Dec 04, 2025
CVSS 8.4
EPSS 0.01
CVE-2025-64775 HIGH
Apache Struts < 6.8.0 - Denial of Service
Dec 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59789 HIGH
Apache bRPC <1.15.0 - DoS
Dec 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-59792 MEDIUM
Apache Kvrocks < 2.14.0 - Cleartext Storage
Nov 28, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-59790 MEDIUM
Apache Kvrocks < 2.14.0 - Improper Privilege Management
Nov 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59454 MEDIUM
Apache Cloudstack < 4.20.2.0 - Information Disclosure
Nov 27, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59302 MEDIUM
Apache Cloudstack < 4.20.2.0 - Code Injection
Nov 27, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-54057 MEDIUM
Apache Skywalking < 10.3.0 - Basic XSS
Nov 27, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62728 MEDIUM
Apache Hive < 4.2.0 - SQL Injection
Nov 26, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59390 CRITICAL
Apache Druid < 35.0.0 - Authentication Bypass
Nov 26, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-65998 HIGH
Apache Syncope - Info Disclosure
Nov 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64408 MEDIUM
Apache Causeway < 3.5.0 - Insecure Deserialization
Nov 19, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-64407 MEDIUM
Apache Openoffice < 4.1.16 - Missing Authorization
Nov 12, 2025
CVSS 5.3
EPSS 0.00
Products
http_server 306 tomcat 234 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 jspwiki 24 dolphinscheduler 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 archiva 20 pulsar 20
Quick Filters
Critical CVEs With Exploits In CISA KEV