194 Total CVEs
134 AI Analyzed
1 CISA KEV
56 Critical
All Vendors
Showing 1-194 of 194 CVEs
CVE-2026-57915
Analyzed
7.3
Apache Kerby

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type

2026-06-28
CVE-2026-56140
Analyzed
9.8
Apache Apache Camel AWS2 SNS

A defense-in-depth hardening change was applied to the Apache Camel AWS2 SNS component to align header filtering strategies, despite no known exploit...

2026-07-07
CVE-2026-56091
Analyzed
8.2
Apache Apache Shiro

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass

2026-06-26
CVE-2026-55994
Analyzed
7.5
Apache Apache Camel Iggy

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Came...

2026-07-07
CVE-2026-5081
Analyzed
9.1
Apache mod

The Apache::Session::Generate::ModUniqueId module generates insecure session IDs using predictable environment variables, allowing for potential sessi...

2026-05-07
CVE-2026-50633
Analyzed
8.1
Apache CXF

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able...

2026-06-14
CVE-2026-50632
Analyzed
8.1
Apache CXF

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, whic...

2026-06-14
CVE-2026-50223
Analyzed
8.8
Apache OFBiz

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataRe...

2026-06-12
CVE-2026-49877
Analyzed
8.1
Apache Apache ActiveMQ

Improper Authorization vulnerability in Apache ActiveMQ

2026-07-01
CVE-2026-49257
Analyzed
10
Apache Pinot (via mcp-pinot)

The mcp-pinot server defaults to an unauthenticated configuration, allowing any network-adjacent attacker to execute arbitrary SQL and mutate table co...

2026-06-19
CVE-2026-49157
Analyzed
8.8
Apache ActiveMQ

Incorrect Default Permissions vulnerability in Apache ActiveMQ

2026-06-02
CVE-2026-49042
Analyzed
7.3
Apache Camel

Improper Input Validation vulnerability in Apache Camel

2026-07-07
CVE-2026-48207
Analyzed
9.8
Apache Fory PyFory

Apache Fory PyFory is vulnerable to deserialization of untrusted data, which can bypass safety policies and lead to remote code execution.

2026-05-22
CVE-2026-48205
Analyzed
9.1
Apache Camel DNS

An SSRF vulnerability in Apache Camel DNS allows unauthenticated attackers to perform internal network reconnaissance and potentially interact with at...

2026-07-07
CVE-2026-48204
Analyzed
9.8
Apache Apache Camel

An input validation vulnerability in the Apache Camel MongoDB GridFS component allows unauthenticated remote attackers to perform unauthorized operati...

2026-07-07
CVE-2026-48203
Analyzed
9.1
Apache Apache Camel

The Apache Camel Solr component is vulnerable to SSRF and parameter injection due to improper header validation, allowing unauthenticated attackers to...

2026-07-07
CVE-2026-47897
Analyzed
8.9
Apache Lucene

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene

2026-07-03
CVE-2026-47896
Analyzed
8.9
Apache Lucene

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene

2026-07-03
CVE-2026-47342
Analyzed
8.8
Apache OFBiz

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apac...

2026-06-13
CVE-2026-46752
Analyzed
10
Apache Apache Kvrocks

A heap overflow vulnerability exists within the cjson library of Apache Kvrocks, which could lead to memory corruption or arbitrary code execution.

2026-06-26
CVE-2026-46726
Analyzed
7.5
Apache Apache Camel Vertx Websocket

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Came...

2026-07-07
CVE-2026-46592
Analyzed
7.5
Apache Apache Camel

Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component

2026-07-07
CVE-2026-46591
Analyzed
8.2
Apache Apache Camel

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component

2026-07-07
CVE-2026-46590
Analyzed
8.8
Apache Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component

2026-07-07
CVE-2026-46588
Analyzed
7.3
Apache Camel

Improper Input Validation vulnerability in Apache Camel

2026-07-07
CVE-2026-46587
Analyzed
7.3
Apache Camel

Improper Input Validation vulnerability in Apache Camel

2026-07-07
CVE-2026-46586
Analyzed
7.3
Apache OFBiz

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vuln...

2026-05-20
CVE-2026-46585
Analyzed
7.5
Apache Apache Camel Lucene

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component

2026-07-07
CVE-2026-46457
Analyzed
7.5
Apache Apache Camel

Improper Input Validation vulnerability in Apache Camel NATS component

2026-07-07
CVE-2026-46456
Analyzed
9.8
Apache Camel

Improper input validation in the Apache Camel AWS2-SQS component allows attackers to inject arbitrary control headers, potentially hijacking downstrea...

2026-07-07
CVE-2026-46455
Analyzed
9.8
Apache Apache Camel

The Apache Camel Keycloak component fails to properly validate token expiration and 'not-before' claims, allowing the acceptance of expired or invalid...

2026-07-07
CVE-2026-46454
Analyzed
9.8
Apache Apache Camel

The Apache Camel Cometd component is vulnerable to improper input validation, allowing unauthenticated remote attackers to inject control headers and...

2026-07-07
CVE-2026-45567
Analyzed
8.3
Apache Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

2026-06-12
CVE-2026-45564
Analyzed
8.8
Apache Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

2026-06-11
CVE-2026-45549
Analyzed
8.5
Apache Roxy-WI

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

2026-06-11
CVE-2026-45505
Analyzed
8.8
Apache ActiveMQ

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apa...

2026-06-02
CVE-2026-45434
Analyzed
8.8
Apache OFBiz via

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz...

2026-05-20
CVE-2026-44914
Analyzed
7.5
Apache NiFi

Apache NiFi 1

2026-06-22
CVE-2026-44631
Analyzed
9.8
Apache HTTP Server

A buffer underwrite vulnerability in the Apache HTTP Server, triggered by crafted regular expressions, allows for potential memory corruption.

2026-06-09
CVE-2026-43869
7.3
Apache Thrift

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift

2026-05-06
CVE-2026-43867
Analyzed
9.8
Apache Camel

A deserialization vulnerability in the Apache Camel PQC component allows attackers with write access to AWS Secrets Manager to execute arbitrary code...

2026-07-07
CVE-2026-43866
Analyzed
7.3
Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component

2026-07-07
CVE-2026-43865
Analyzed
8.1
Apache Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component

2026-07-07
CVE-2026-43825
Analyzed
7.3
Apache OpenNLP Core ML LibSVM

Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected:   before 3

2026-07-07
CVE-2026-42812
Analyzed
9.9
Apache Iceberg

A security-sensitive metadata write bypass in Apache Iceberg allows authorized users to perform unauthorized operations on storage locations by manipu...

2026-05-05
CVE-2026-42810
Analyzed
9.9
Apache Polaris accepts

Apache Polaris is vulnerable to cross-table access due to improper handling of wildcard characters in object names, which results in insecure S3 IAM p...

2026-05-05
CVE-2026-42809
Analyzed
9.9
Apache Polaris can

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been vali...

2026-05-05
CVE-2026-42779
Analyzed
9.8
Apache MINA

Apache MINA's AbstractIoBuffer.resolveClass() contains a branch that fails to validate classes, allowing for arbitrary code execution via deserializat...

2026-05-02
CVE-2026-42778
Analyzed
9.8
Apache MINA AbstractIoBuffer

An incomplete fix for a deserialization vulnerability in Apache MINA's AbstractIoBuffer.getObject() allows for remote code execution via classname all...

2026-05-02
CVE-2026-42527
Analyzed
8.1
Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel

2026-07-07
CVE-2026-42440
Analyzed
7.5
Apache OpenNLP AbstractModelReader

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader  Versions Affected:  before 2

2026-05-06
CVE-2026-42403
7.5
Apache Neethi does

Apache Neethi does not properly detect circular references in policy definitions

2026-05-02
CVE-2026-42402
7.5
Apache Neethi is

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization

2026-05-02
CVE-2026-42359
Analyzed
8.8
Apache Airflow

A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a D...

2026-06-03
CVE-2026-41919
Analyzed
9.1
Apache OFBiz

Apache OFBiz is susceptible to LDAP injection, enabling attackers to manipulate LDAP queries through unsanitized user input.

2026-05-20
CVE-2026-41855
Analyzed
8.1
Apache ActiveMQ (JMS)

In an untrusted JMS environment, org

2026-06-09
CVE-2026-41636
7.5
Apache Thrift Node

Uncontrolled Recursion vulnerability in Apache Thrift Node

2026-04-29
CVE-2026-41635
Analyzed
9.8
Apache MINA

Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at a...

2026-04-28
CVE-2026-41605
7.3
Apache Thrift

Integer Overflow or Wraparound vulnerability in Apache Thrift

2026-04-30
CVE-2026-41604
8.2
Apache Thrift

Out-of-bounds Read vulnerability in Apache Thrift

2026-04-29
CVE-2026-41603
7.4
Apache Thrift

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift

2026-04-29
CVE-2026-41602
7.5
Apache Thrift TFramedTransport

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0

2026-04-29
CVE-2026-41566
Analyzed
9.4
Apache Apache Kvrocks

Apache Kvrocks version 2.8.0 contains a vulnerability involving the improper handling of permissions, which could lead to unauthorized privilege escal...

2026-06-26
CVE-2026-41409
Analyzed
9.8
Apache MINA AbstractIoBuffer

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized w...

2026-04-28
CVE-2026-41258
Analyzed
9.1
Apache Velocity templates

OpenMRS Core fails to properly sandbox Apache Velocity templates, allowing authenticated users with specific privileges to achieve arbitrary Java refl...

2026-05-16
CVE-2026-41044
Analyzed
8.8
Apache ActiveMQ

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache...

2026-04-25
CVE-2026-40860
Analyzed
9.8
Apache Camel

JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessag...

2026-04-28
CVE-2026-40859
Analyzed
8.1
Apache Camel

Deserialization of Untrusted Data vulnerability in Apache Camel

2026-07-07
CVE-2026-40858
8.8
Apache Camel

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java

2026-04-28
CVE-2026-40563
7.1
Apache endpoint that

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that a...

2026-05-05
CVE-2026-40473
8.8
Apache Camel

The camel-mina component's MinaConverter

2026-04-28
CVE-2026-40466
8.8
Apache ActiveMQ Broker

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apa...

2026-04-25
CVE-2026-40048
7.8
Apache Camel

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>

2026-04-28
CVE-2026-40047
Analyzed
9.1
Apache Apache Camel

An argument injection vulnerability in the Apache Camel Docling component allows attackers to inject malicious CLI flags and perform directory travers...

2026-07-07
CVE-2026-40046
7.5
Apache ActiveMQ

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT

2026-04-11
CVE-2026-40022
8.2
Apache Camel embedded

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root contex...

2026-04-28
CVE-2026-40010
Analyzed
9.1
Apache Wicket

Apache Wicket fails to invoke the changeSessionId method after session binding, exposing the application to session fixation attacks.

2026-05-07
CVE-2026-39920
Analyzed
9.8
Apache Multiple Products

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with...

2026-04-25
CVE-2026-39816
8.8
Apache NiFi

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi...

2026-05-09
CVE-2026-39304
7.5
Apache ActiveMQ Client

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ

2026-04-12
CVE-2026-35573
Analyzed
9.1
Apache ChurchCRM

ChurchCRM's backup restore functionality is vulnerable to path traversal, allowing authenticated administrators to overwrite configuration files and a...

2026-04-08
CVE-2026-35563
Analyzed
8.5
Apache Directory LDAP API

It was identified that the LDAP client implementation in version 2

2026-06-04
CVE-2026-35554
8.7
Apache Kafka Java

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics

2026-04-08
CVE-2026-3547
7.5
Apache Multiple Products

Out-of-bounds read in ALPN parsing due to incomplete validation

2026-03-20
CVE-2026-35337
8.8
Apache Storm

Deserialization of Untrusted Data vulnerability in Apache Storm

2026-04-14
CVE-2026-35194
8.1
Apache Flink

Code injection in SQL code generation in Apache Flink 1

2026-05-16
CVE-2026-34486
7.5
Apache Tomcat due

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor

2026-04-11
CVE-2026-34483
7.5
Apache Tomcat

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat

2026-04-11
CVE-2026-34476
7.1
Apache SkyWalking MCP

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP

2026-04-14
CVE-2026-34381
7.5
Apache configuration

Admidio is an open-source user management solution

2026-04-01
CVE-2026-34197
KEV
8.8
Apache ActiveMQ Broker

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ

2026-04-08
CVE-2026-34059
7.5
Apache HTTP Server

Buffer Over-read vulnerability in Apache HTTP Server

2026-05-05
CVE-2026-34020
7.5
Apache OpenMeetings

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings

2026-04-11
CVE-2026-33858
8.8
Apache Airflow

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitr...

2026-04-14
CVE-2026-33704
7.1
Apache configurations where

Chamilo LMS is a learning management system

2026-04-12
CVE-2026-33557
Analyzed
9.1
Apache Kafka

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set...

2026-04-21
CVE-2026-33307
7.5
Apache HTTPD based

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS

2026-03-24
CVE-2026-33266
7.5
Apache OpenMeetings

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings

2026-04-11
CVE-2026-31986
Analyzed
9.1
Apache OFBiz

Apache OFBiz contains a vulnerability involving the use of hard-coded cryptographic keys, which could allow unauthorized decryption or manipulation of...

2026-05-20
CVE-2026-31910
Analyzed
7.5
Apache OFBiz

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz

2026-05-20
CVE-2026-31909
Analyzed
7.5
Apache OFBiz

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz

2026-05-20
CVE-2026-30911
8.1
Apache Airflow versions

Apache Airflow versions 3

2026-03-18
CVE-2026-30778
7.5
Apache SkyWalking

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL

2026-04-17
CVE-2026-29226
Analyzed
7.3
Apache OFBiz via

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations

2026-05-20
CVE-2026-29169
7.5
Apache HTTP Server

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2

2026-05-05
CVE-2026-29168
7.3
Apache HTTP Server

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data

2026-05-06
CVE-2026-29129
7.5
Apache Tomcat

Configured cipher preference order not preserved vulnerability in Apache Tomcat

2026-04-11
CVE-2026-28779
7.5
Apache Airflow versions

Apache Airflow versions 3

2026-03-18
CVE-2026-27811
8.8
Apache and Keepalived

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

2026-03-18
CVE-2026-27314
8.8
Apache Cassandra

Privilege escalation in Apache Cassandra 5

2026-04-08
CVE-2026-27172
8.8
Apache Camel

The ConsulRegistry in the camel-consul component (class org

2026-04-29
CVE-2026-25199
Analyzed
9.1
Apache CloudStack

The Proxmox extension for Apache CloudStack allows unauthorized cross-tenant access to virtual machines due to improper validation of the proxmox_vmid...

2026-05-09
CVE-2026-25087
7
Apache Arrow

Use After Free vulnerability in Apache Arrow C++

2026-02-18
CVE-2026-24880
7.5
Apache Tomcat via

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension

2026-04-11
CVE-2026-24735
Analyzed
7.5
Apache Answer

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer

2026-02-05
CVE-2026-24343
8.8
Apache HertzBeat

Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat

2026-02-11
CVE-2026-24072
8.8
Apache HTTP

An escalation of privilege bug in various modules in Apache HTTP 2

2026-05-05
CVE-2026-24014
Analyzed
9.8
Apache IoTDB

A path traversal vulnerability in the Apache IoTDB DataNode RPC interface allows unauthenticated attackers to perform arbitrary file writes.

2026-07-07
CVE-2026-24013
Analyzed
9.1
Apache Apache IoTDB

Apache IoTDB contains an authentication bypass vulnerability in its Thrift RPC handlers, allowing unauthenticated attackers to spoof session IDs and a...

2026-07-07
CVE-2026-24012
Analyzed
7.5
Apache IoTDB

Uncontrolled Resource Consumption vulnerability in Apache IoTDB

2026-07-07
CVE-2026-23918
8.8
Apache HTTP Server

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol

2026-05-05
CVE-2026-23906
Analyzed
9.8
Apache Druid

Apache Druid is vulnerable to an authentication bypass when LDAP is configured to allow anonymous binds, allowing attackers to access restricted resou...

2026-02-11
CVE-2026-23902
Analyzed
8.1
Apache DolphinScheduler allows

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not...

2026-04-25
CVE-2026-23552
Analyzed
9.1
Apache Camel Keycloak

Apache Camel Keycloak fails to validate the issuer claim of JWT tokens, allowing tokens from one realm to be accepted by another, thereby breaking ten...

2026-02-24
CVE-2026-22265
Analyzed
7.5
Apache Multiple Products

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers

2026-01-16
CVE-2026-22022
Analyzed
8.2
Apache Multiple Products

Deployments of Apache Solr 5

2026-01-22
CVE-2025-70841
Analyzed
10
Apache Multi-Tenancy Based eCommerce Platform SaaS

Dokans SaaS platform allows unauthenticated attackers to download the `.env` file, exposing encryption keys, database credentials, and API keys, leadi...

2026-02-04
CVE-2025-69219
Analyzed
8.8
Apache Airflow

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB...

2026-03-10
CVE-2025-68675
Analyzed
7.5
Apache Multiple Products

In Apache Airflow versions before 3

2026-01-18
CVE-2025-68493
Analyzed
8.1
Apache Multiple Products

Missing XML Validation vulnerability in Apache Struts, Apache Struts

2026-01-13
CVE-2025-68438
Analyzed
7.5
Apache Multiple Products

In Apache Airflow versions before 3

2026-01-18
CVE-2025-67895
Analyzed
9.8
Apache Multiple Products

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on A...

2025-12-18
CVE-2025-66675
8.2
Apache Multiple Products

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion

2025-12-11
CVE-2025-66467
8
Apache CloudStack allows

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned

2026-05-09
CVE-2025-66430
Analyzed
9.1
Apache Multiple Products

Plesk 18.0 has Incorrect Access Control.

2025-12-13
CVE-2025-66384
Analyzed
8.2
Apache Multiple Products

app/Controller/EventsController

2025-11-29
CVE-2025-66336
Analyzed
8.1
Apache Doris MCP Server

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path

2026-06-23
CVE-2025-66296
Analyzed
8.8
Apache Multiple Products

Grav is a file-based Web platform

2025-12-02
CVE-2025-65998
Analyzed
7.5
Apache Multiple Products

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option

2025-11-25
CVE-2025-65114
Analyzed
7.5
Apache Traffic Server

Apache Traffic Server allows request smuggling if chunked messages are malformed

2026-04-03
CVE-2025-64775
Analyzed
7.5
Apache Multiple Products

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion

2025-12-02
CVE-2025-62188
7.5
Apache DolphinScheduler

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler

2026-04-10
CVE-2025-61735
Analyzed
7.3
Apache Multiple Products

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin

2025-10-02
CVE-2025-61734
Analyzed
7.5
Apache Multiple Products

Files or Directories Accessible to External Parties vulnerability in Apache Kylin

2025-10-02
CVE-2025-61733
Analyzed
7.5
Apache Multiple Products

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin

2025-10-02
CVE-2025-61581
Analyzed
7.5
Apache Multiple Products

** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control

2025-10-17
CVE-2025-60425
Analyzed
8.6
Apache Multiple Products

Nagios Fusion v2024R1

2025-10-27
CVE-2025-59932
Analyzed
8.6
Apache Multiple Products

Flag Forge is a Capture The Flag (CTF) platform

2025-09-28
CVE-2025-59789
Analyzed
7.5
Apache Multiple Products

Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1

2025-12-02
CVE-2025-59390
Analyzed
9.8
Apache Multiple Products

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is...

2025-11-27
CVE-2025-59118
7.3
Apache Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz

2025-11-14
CVE-2025-59059
Analyzed
9.8
Apache Ranger versions

A remote code execution (RCE) vulnerability exists in the NashornScriptEngineCreator component of Apache Ranger versions 2.7.0 and earlier.

2026-03-04
CVE-2025-58137
Analyzed
8.1
Apache Multiple Products

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract

2025-12-13
CVE-2025-58136
Analyzed
7.5
Apache Traffic Server

A bug in POST request handling causes a crash under a certain condition

2026-04-03
CVE-2025-58130
Analyzed
9.1
Apache Multiple Products

Insufficiently Protected Credentials vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in vers...

2025-12-13
CVE-2025-58098
Analyzed
8.3
Apache Multiple Products

Apache HTTP Server 2

2025-12-06
CVE-2025-57738
Analyzed
7.2
Apache Multiple Products

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few J...

2025-10-20
CVE-2025-56266
Analyzed
9.8
Apache Multiple Products

A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.

2025-09-08
CVE-2025-55754
Analyzed
9.6
Apache Multiple Products

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log mess...

2025-10-28
CVE-2025-55752
Analyzed
7.5
Apache Multiple Products

Relative Path Traversal vulnerability in Apache Tomcat

2025-10-27
CVE-2025-54988
Analyzed
9.8
Apache Multiple Products

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out...

2025-08-21
CVE-2025-54981
Analyzed
7.5
Apache Multiple Products

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, includ...

2025-12-13
CVE-2025-54920
8.8
Apache Spark

This issue affects Apache Spark: before 3

2026-03-18
CVE-2025-54831
Analyzed
7.5
Apache Multiple Products

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections

2025-09-26
CVE-2025-54539
Analyzed
9.8
Apache Multiple Products

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ N...

2025-10-16
CVE-2025-54472
7.5
Apache Multiple Products

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1

2025-08-14
CVE-2025-53833
Analyzed
10
Apache Multiple Products

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Ser...

2025-07-14
CVE-2025-53689
Analyzed
8.8
Apache Multiple Products

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2

2025-07-14
CVE-2025-53606
Analyzed
9.8
Apache Multiple Products

Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recomme...

2025-08-08
CVE-2025-53192
Analyzed
8.8
Apache Multiple Products

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL

2025-08-19
CVE-2025-52122
Analyzed
9.8
Apache Multiple Products

Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code...

2025-08-27
CVE-2025-48989
7.5
Apache Multiple Products

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack

2025-08-14
CVE-2025-48913
Analyzed
9.8
Apache Multiple Products

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capa...

2025-08-08
CVE-2025-48431
7.5
Apache Thrift

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings

2026-04-29
CVE-2025-48392
7.5
Apache Multiple Products

A vulnerability in Apache IoTDB

2025-09-24
CVE-2025-48208
8.8
Apache Multiple Products

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat

2025-09-10
CVE-2025-46295
Analyzed
9.8
Apache Multiple Products

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the te...

2025-12-17
CVE-2025-40933
7.5
Apache Multiple Products

Apache::AuthAny::Cookie v0

2025-09-17
CVE-2025-40932
8.2
Apache Multiple Products

Apache::SessionX versions through 2

2026-02-28
CVE-2025-33042
7.3
Apache Avro Java

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro s...

2026-02-14
CVE-2025-30001
Analyzed
7.3
Apache Multiple Products

Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark

2025-10-10
CVE-2025-27821
Analyzed
7.3
Apache Multiple Products

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client

2026-01-27
CVE-2025-26467
Analyzed
8.8
Apache Multiple Products

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra

2025-08-25
CVE-2025-24404
8.8
Apache Multiple Products

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat

2025-09-10
CVE-2025-15026
Analyzed
9.8
Apache Multiple Products

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functional...

2026-01-06
CVE-2025-12543
Analyzed
9.6
Apache Multiple Products

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to pro...

2026-01-08
CVE-2024-48988
Analyzed
7.6
Apache Multiple Products

SQL Injection vulnerability in Apache StreamPark

2025-08-23
CVE-2024-43166
Analyzed
9.8
Apache Multiple Products

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommen...

2025-09-03
CVE-2024-43115
Analyzed
8.8
Apache Multiple Products

Improper Input Validation vulnerability in Apache DolphinScheduler

2025-09-03
CVE-2023-50780
Analyzed
8.8
Apache ActiveMQ Artemis

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia...

2026-06-16
CVE-2019-25671
Analyzed
8.8
Apache user

VA MAX 8

2026-04-06
CVE-2016-20026
Analyzed
9.8
Apache ZKBioSecurity

ZKTeco ZKBioSecurity 3.0 uses hardcoded credentials in its bundled Apache Tomcat server, allowing unauthenticated attackers to execute arbitrary code...

2026-03-17
CVE-2016-15057
Analyzed
9.9
Apache Multiple Products

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum....

2026-01-27
CVE-2013-10075
Analyzed
9.1
Apache Apache::Session

Apache::Session for Perl fails to properly handle session deletion, allowing for the potential revival of deleted session data.

2026-05-09