apache

3,084 tracked vulnerabilities.

CVE-2026-34356 HIGH
Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34355 HIGH
Apache HTTP Server: mod_proxy_html buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-29170 MEDIUM
Apache HTTP Server: mod_proxy_ftp XSS
Jun 08, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-29167 CRITICAL
Apache HTTP Server: mod_ldap per-dir use-after-free
Jun 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-47430 HIGH
Apache Cordova InAppBrowser iOS 3.1.0-6.0.0 - Callback ID Spoofing
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50076 CRITICAL
Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass
Jun 04, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-47065 CRITICAL
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232
Jun 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46718 MEDIUM
Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution
Jun 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41115 MEDIUM
Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API
Jun 02, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-49328 MEDIUM
Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF
Jun 01, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-49361 HIGH
Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
Jun 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49298 HIGH
Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Jun 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-49270 MEDIUM
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-49267 MEDIUM
Apache Airflow: No certificate validation on SMTP STARTTLS connections
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-49157 HIGH
Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default
Jun 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48827 HIGH
Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git
Jun 01, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-48726 MEDIUM
Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46764 MEDIUM
Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-46605 MEDIUM
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45505 HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass
Jun 01, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-45426 LOW
Apache Airflow Log Server - JWT Authorization Bypass
Jun 01, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-45360 HIGH
Apache Airflow: Arbitrary import in custom deadline-reference deserialization
Jun 01, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44825 HIGH
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Jun 01, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42588 HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
Jun 01, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42360 MEDIUM
Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
Jun 01, 2026
CVSS 6.5
EPSS 0.00