apache
3,084 tracked vulnerabilities.
CVE-2026-44417
HIGH
Apache CXF JMS Configuration - Remote Code Execution
May 22, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-48207
CRITICAL
Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
May 21, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-45760
HIGH
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
May 21, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-42526
MEDIUM
Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends
May 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27173
HIGH
Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
May 19, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47323
CRITICAL
Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
May 19, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-46586
HIGH
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
May 19, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-45434
CRITICAL
Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE
May 19, 2026
CVSS 9.8
EPSS 0.23
CVE-2026-45187
MEDIUM
Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs
May 19, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-41919
CRITICAL
Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-35086
MEDIUM
Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31986
CRITICAL
Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-31910
HIGH
Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31909
HIGH
Apache OFBiz: Unauthenticated Shipment Label Image Disclosure
May 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31906
MEDIUM
Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-31388
MEDIUM
Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature
May 19, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-31387
MEDIUM
Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation
May 19, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-31380
MEDIUM
Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31379
MEDIUM
Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager
May 19, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-31378
MEDIUM
Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution
May 19, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-29226
HIGH
Apache OFBiz: Low-Privilege SSRF in Content Component
May 19, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-29220
MEDIUM
Apache OFBiz: Low-Privilege LFI in Content Component
May 19, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-29207
MEDIUM
Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
May 19, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-35194
HIGH
Apache Flink: Remote code execution via SQL injection in code generation
May 15, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-45205
MEDIUM
Apache Commons Configuration: StackOverflowError for YAML input with cycles
May 14, 2026
CVSS 5.3
EPSS 0.00
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters