apache
3,084 tracked vulnerabilities.
CVE-2026-34356
HIGH
Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34355
HIGH
Apache HTTP Server: mod_proxy_html buffer overflow
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-29170
MEDIUM
Apache HTTP Server: mod_proxy_ftp XSS
Jun 08, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-29167
CRITICAL
Apache HTTP Server: mod_ldap per-dir use-after-free
Jun 08, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-47430
HIGH
Apache Cordova InAppBrowser iOS 3.1.0-6.0.0 - Callback ID Spoofing
Jun 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-50076
CRITICAL
Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass
Jun 04, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-47065
CRITICAL
Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232
Jun 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46718
MEDIUM
Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution
Jun 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41115
MEDIUM
Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API
Jun 02, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-49328
MEDIUM
Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF
Jun 01, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-49361
HIGH
Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
Jun 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-49298
HIGH
Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Jun 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-49270
MEDIUM
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-49267
MEDIUM
Apache Airflow: No certificate validation on SMTP STARTTLS connections
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-49157
HIGH
Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default
Jun 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-48827
HIGH
Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git
Jun 01, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-48726
MEDIUM
Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46764
MEDIUM
Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-46605
MEDIUM
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45505
HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass
Jun 01, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-45426
LOW
Apache Airflow Log Server - JWT Authorization Bypass
Jun 01, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-45360
HIGH
Apache Airflow: Arbitrary import in custom deadline-reference deserialization
Jun 01, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-44825
HIGH
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
Jun 01, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42588
HIGH
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
Jun 01, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-42360
MEDIUM
Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
Jun 01, 2026
CVSS 6.5
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters