apache

2,899 tracked vulnerabilities.

CVE-2026-23984 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983 MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23980 MEDIUM
Apache Superset <6.0.0 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23969 MEDIUM
Apache Superset <4.1.2 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25747 HIGH
Apache Camel LevelDB - Deserialization
Feb 23, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23552 CRITICAL
Apache Camel 4.15.0-4.17.0 - Auth Bypass
Feb 23, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-24734 HIGH
Apache Tomcat Native 1.3.0-1.3.4 - Auth Bypass
Feb 17, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-24733 LOW
Apache Tomcat 9.0.0-11.0.14 - Auth Bypass
Feb 17, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-25087 HIGH
Apache Arrow C++ 15.0.0-23.0.0 - Use After Free
Feb 17, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-25903 MEDIUM
Apache NiFi 1.1.0-2.7.2 - Privilege Escalation
Feb 17, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-24343 HIGH
Apache HertzBeat <1.8.0 - XPath Injection
Feb 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23906 CRITICAL
Apache Druid 0.17.0-35.x - Authentication Bypass via LDAP Anonymous Bind
Feb 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-23901 LOW
Apache Shiro <2.0.7 - Info Disclosure
Feb 10, 2026
CVSS 2.5
EPSS 0.00
CVE-2026-24098 MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22922 MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23903 MEDIUM
Apache Shiro < 2.0.7 - Authentication Bypass via Case-Insensitive Static File Request
Feb 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24735 HIGH
Apache Answer <2.0.0 - Info Disclosure
Feb 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-23795 MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XML External Entity Reference
Feb 03, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-23794 MEDIUM
Apache Syncope <3.0.15/<4.0.3 - XSS
Feb 03, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-24656 LOW
Apache Karaf Decanter - Deserialization
Jan 26, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-22444 HIGH
Apache Solr 8.6.0-9.10.0 - Unauthenticated Path Traversal via Create Core API
Jan 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-22022 HIGH
Apache Solr 5.3.0-9.10.0 - Improper Authorization in RuleBasedAuthorizationPlugin
Jan 21, 2026
CVSS 8.2
EPSS 0.00
CVE-2025-69233 MEDIUM
Apache CloudStack: Domain/account resources limits not honored
May 08, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-66467 HIGH
Apache CloudStack: MinIO policy remains intact on bucket deletion
May 08, 2026
CVSS 8.0
EPSS 0.00
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 nifi 46 solr 46 cloudstack 45 cxf 43 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV