Apache

2,736 tracked vulnerabilities.

CVE-2025-48795 MEDIUM
Apache CXF - DoS
Jul 15, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-53689 HIGH
Apache Jackrabbit <2.23.2 - Blind XXE
Jul 14, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-41169 HIGH
Apache Zeppelin <0.12.0 - Info Disclosure
Jul 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-48924 MEDIUM
Apache Commons Lang <3.18.0 - Uncontrolled Recursion
Jul 11, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-53506 HIGH
Apache Tomcat <11.0.9, <10.1.43, <9.0.107 - Uncontrolled Resource C...
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-52520 HIGH
Apache Tomcat < 9.0.107 - Integer Overflow
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-52434 HIGH
Apache Tomcat < 9.0.107 - Race Condition
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53020 HIGH
Apache HTTP Server < 2.4.64 - Memory Leak
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-49812 HIGH
Apache HTTP Server < 2.4.64 - Authentication Bypass
Jul 10, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-49630 HIGH
Apache HTTP Server < 2.4.64 - Reachable Assertion
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-23048 CRITICAL
Apache HTTP Server < 2.4.64 - Improper Access Control
Jul 10, 2025
CVSS 9.1
EPSS 0.00
CVE-2024-47252 HIGH
Apache HTTP Server <2.4.63 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-43394 HIGH
Apache HTTP Server < 2.4.64 - SSRF
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-43204 HIGH
Apache HTTP Server - SSRF
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-42516 HIGH
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-27446 HIGH
Apache APISIX(java-plugin-runner) - Privilege Escalation
Jul 06, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-46647 MEDIUM
Apache APISIX - Auth Bypass
Jul 02, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-35164 MEDIUM
Apache Guacamole < 1.6.0 - Improper Array Index Validation
Jul 02, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-32897 CRITICAL
Apache Seata < 2.3.0 - Insecure Deserialization
Jun 28, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-50213 CRITICAL
Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection
Jun 24, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-32896 MEDIUM
Apache Seatunnel < 2.3.11 - Missing Authentication
Jun 19, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-49763 HIGH
Apache Traffic Server < 9.2.11 - Denial of Service
Jun 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31698 HIGH
Apache Traffic Server <9.2.10, <10.0.6 - Info Disclosure
Jun 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49125 HIGH
Apache Tomcat < 9.0.106 - Authentication Bypass
Jun 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49124 HIGH
Apache Tomcat < 9.0.106 - Untrusted Search Path
Jun 16, 2025
CVSS 8.4
EPSS 0.00
Products
http_server 306 tomcat 237 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 jspwiki 24 dolphinscheduler 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 fineract 20 hive 20
Quick Filters
Critical CVEs With Exploits In CISA KEV