apache
2,899 tracked vulnerabilities.
CVE-2026-29129
HIGH
Apache Tomcat: TLS cipher order is not preserved
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25854
MEDIUM
Apache Tomcat: Occasionally open redirect
Apr 09, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-24880
HIGH
Apache Tomcat: Request smuggling via invalid chunk extension
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34020
HIGH
Apache OpenMeetings: Login Credentials Passed via GET Query Parameters
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33266
HIGH
Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt
Apr 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33005
MEDIUM
Apache OpenMeetings: Insufficient checks in FileWebService
Apr 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-34538
MEDIUM
Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Apr 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32588
MEDIUM
Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing
Apr 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27315
MEDIUM
Apache Cassandra: cqlsh history sensitive information leak
Apr 07, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27314
HIGH
Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass
Apr 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34197
HIGH
KEV, NUCLEI
Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Apr 07, 2026
CVSS 8.8
EPSS 0.70
CVE-2026-33227
MEDIUM
Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Classpath Directory
Apr 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-32794
MEDIUM
Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Mar 30, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-32642
MEDIUM
Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Mar 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-30911
HIGH
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Mar 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28779
HIGH
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Mar 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28563
MEDIUM
Apache Airflow: DAG authorization bypass
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26929
MEDIUM
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23907
MEDIUM
Apache PDFBox 2.0.24-2.0.35, 3.0.0-3.0.6 - Path Traversal
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25604
MEDIUM
apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager
Mar 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-24713
CRITICAL
Apache IoTDB 1.0.0-1.3.6/2.0.0-2.0.6 - Input Validation
Mar 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24015
CRITICAL
Apache IoTDB 1.0.0-1.3.6/2.0.0-2.0.6 - Vuln Type
Mar 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-24308
HIGH
Apache ZooKeeper 3.8.5/3.9.4 - Info Disclosure
Mar 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24281
HIGH
Apache ZooKeeper <3.8.6/3.9.5 - Auth Bypass
Mar 07, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-27446
CRITICAL
Apache Artemis/ActiveMQ Artemis - Auth Bypass
Mar 04, 2026
CVSS 9.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20