apache
3,082 tracked vulnerabilities.
CVE-2026-50628
CRITICAL
Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control
Jun 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-50627
CRITICAL
Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
Jun 12, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-50623
MEDIUM
Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService
Jun 12, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-49875
CRITICAL
Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils
Jun 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-50223
HIGH
Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Jun 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-47342
HIGH
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
Jun 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-25700
HIGH
Apache Answer: AdminToken not invalidated after admin deactivation
Jun 10, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-49818
MEDIUM
Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names
Jun 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-34905
MEDIUM
Apache Answer: Unlisted Questions Accessible via Direct API Access
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34033
MEDIUM
Apache Answer: HTML Content Injection in Email
Jun 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34031
MEDIUM
Apache Answer: The custom avatar was not properly validated
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33582
MEDIUM
Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25699
MEDIUM
Apache Answer: Authorization Bypass in Timeline API
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25688
MEDIUM
Apache Answer: XSS in AI Answer Rendering
Jun 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-49975
HIGH
Apache HTTP Server: mod_http2 denial of service
Jun 08, 2026
CVSS 7.5
EPSS 0.11
CVE-2026-48913
HIGH
Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
Jun 08, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-44631
CRITICAL
Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Jun 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44186
HIGH
Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
Jun 08, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44185
HIGH
Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
Jun 08, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44119
MEDIUM
Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
Jun 08, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-43951
MEDIUM
Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
Jun 08, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-42536
HIGH
Apache HTTP Server: mod_xml2enc heap overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-42535
CRITICAL
Apache HTTP Server: mod_dav_fs protected directory access
Jun 08, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-34356
HIGH
Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34355
HIGH
Apache HTTP Server: mod_proxy_html buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters