Apache

CVE-2026-34197 is a high-severity code injection vulnerability in Apache ActiveMQ (versions before 5.19.4 and 6.0.0-6.2.3) caused by improper input validation i…

CVE-2006-1547 is a denial of service vulnerability in Apache Struts 1 ActionForm prior to version 1.2.9, caused by improper handling of multipart/form-data para…

CVE-2012-0391 is a critical remote code execution vulnerability in Apache Struts versions prior to 2.2.3.1, classified under CWE-94. The flaw allows remote atta…

CVE-2013-2251 is a critical remote code execution vulnerability in Apache Struts versions 2.0.0 through 2.3.15, classified under CWE-74 (Improper Neutralization…

CVE-2016-3088 is a critical remote code execution vulnerability in Apache ActiveMQ 5.x versions prior to 5.14.0, classified under CWE-434 Improper Restriction o…

CVE-2016-4437 is listed on CISA's Known Exploited Vulnerabilities catalog as actively exploited in the wild, with a federal remediation deadline of 2022-05-03. …

CVE-2016-8735 is a critical remote code execution vulnerability in Apache Tomcat versions before 6.0.48, 7.0.73, 8.0.39, 8.5.7, and 9.0.0.M12 when JmxRemoteLife…

CVE-2017-12615 is a remote code execution vulnerability in Apache Tomcat versions 7.0.0 through 7.0.79 on Windows when HTTP PUTs are enabled. It allows attacker…

CVE-2017-12617 is a remote code execution vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46, and 7.0.0 to 7.0.81 w…

CVE-2017-5638 is a critical remote code execution vulnerability in Apache Struts 2 affected by the CISA Known Exploited Vulnerabilities catalog as actively expl…

CVE-2017-9791 is a critical remote code execution vulnerability in Apache Struts 1 plugin versions 2.1.x and 2.3.x, classified under CWE-20 (Improper Input Vali…

CVE-2017-9805 is a vulnerability in Apache Struts that has been added to CISA's Known Exploited Vulnerabilities catalog as of November 3, 2021, with a federal r…

CVE-2018-11776 is a high-severity Remote Code Execution vulnerability in Apache Struts versions 2.3 through 2.3.34 and 2.5 through 2.5.16. The flaw occurs when …

CVE-2019-0193 is a high-severity vulnerability in Apache Solr affecting the DataImportHandler module, allowing arbitrary script execution via the dataConfig par…

CVE-2019-0211 is a high-severity privilege escalation vulnerability in Apache HTTP Server versions 2.4.17 through 2.4.38 affecting non-Unix systems. It allows c…

CVE-2019-17558 is an actively exploited vulnerability in Apache Solr, listed on CISA's Known Exploited Vulnerabilities catalog with a federal remediation deadli…

CVE-2020-11978 is an actively exploited vulnerability in Apache Airflow, listed on CISA's Known Exploited Vulnerabilities catalog with a federal remediation dea…

CVE-2020-13927 affects Apache Airflow's Experimental API, which previously allowed all API requests without authentication by default, creating an authenticatio…

CVE-2020-17519 is a path traversal vulnerability in Apache Flink versions 1.11.0 through 1.11.2 that allows attackers to read local files via the JobManager RES…

CVE-2020-17530 is a vulnerability in Apache Struts that is actively exploited in the wild, as indicated by its inclusion in CISA's Known Exploited Vulnerabiliti…

CVE-2020-1938 is a critical vulnerability in Apache Tomcat versions 9.0.0.M1 through 9.0.0.30, 8.5.0 through 8.5.50, and 7.0.0 through 7.0.99, caused by a defau…

CVE-2020-1956 is a command injection vulnerability in Apache Kylin versions 2.3.0 through 2.6.5 and 3.0.1, caused by unsafe concatenation of user input into OS …

CVE-2021-40438 is an actively exploited vulnerability in Apache products listed on CISA's KEV catalog with a federal remediation deadline of December 15, 2021. …

CVE-2021-41773 is a critical vulnerability in Apache HTTP Server that is actively exploited in the wild, as confirmed by CISA's Known Exploited Vulnerabilities …

CVE-2021-42013 is a vulnerability in Apache HTTP Server that is actively exploited in the wild, as indicated by its inclusion in CISA's Known Exploited Vulnerab…

CVE-2021-44228 is a critical remote code execution vulnerability in Apache Log4j2 that is actively exploited in the wild and listed on CISA's Known Exploited Vu…

CVE-2021-45046 is a critical vulnerability in Apache Log4j 2 versions prior to 2.15.0, stemming from an incomplete fix for CVE-2021-44228 in specific non-defaul…

CVE-2022-24112 is a critical vulnerability in Apache APISIX affecting the batch-requests plugin, allowing attackers to bypass IP restrictions on the Admin API a…

CVE-2022-24706 is a critical vulnerability in Apache CouchDB versions prior to 3.2.2 that allows unauthenticated attackers to access improperly secured default …

CVE-2022-33891 is a critical command injection vulnerability in Apache Spark versions 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1. It allows arbitrary…

CVE-2023-27524 is a session validation vulnerability in Apache Superset versions up to and including 2.0.1 that allows attackers to authenticate and access unau…

CVE-2023-33246 is a critical remote code execution vulnerability in Apache RocketMQ versions 5.1.0 and below, classified under CWE-94. The flaw arises from leak…

CVE-2023-46604 is a critical Remote Code Execution vulnerability in Apache ActiveMQ caused by insecure deserialization in the Java OpenWire protocol marshaller.…

CVE-2024-27348 is an actively exploited vulnerability in Apache HugeGraph-Server, listed on CISA's Known Exploited Vulnerabilities catalog with a federal remedi…

CVE-2024-32113 is a critical path traversal vulnerability (CWE-22) affecting Apache OFBiz versions prior to 18.12.13, allowing improper limitation of pathname a…

CVE-2024-38475 is a critical vulnerability in Apache HTTP Server versions 2.4.59 and earlier, classified as CWE-116 (Improper Output Neutralization for Logs). I…

CVE-2024-38856 is a critical incorrect authorization vulnerability in Apache OFBiz versions through 18.12.14, classified under CWE-863. It allows unauthenticate…

CVE-2024-45195 is a HIGH severity (CVSS 7.5) Direct Request or Forced Browsing vulnerability affecting Apache OFBiz versions prior to 18.12.16, classified under…

CVE-2025-24813 is a critical vulnerability in Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98, allowing …

Apache CXF contains an LDAP injection vulnerability (CWE-90) in its XKMS server's LDAP Certificate repository, allowing attackers to retrieve arbitrary certific…

CVE-2026-45434 is a critical remote code execution vulnerability in Apache OFBiz versions prior to 24.09.06, classified under CWE-287 as an improper authenticat…

CVE-2026-47323 is a critical vulnerability in Apache Camel versions 3.18.0 through 4.18.2, excluding 4.14.6 and 4.18.2, caused by missing inbound header filteri…

CVE-2026-48207 is a critical deserialization vulnerability in Apache Fory PyFory versions prior to 1.0.0, classified under CWE-502. It allows attackers to bypas…

CVE-2026-31986 is a critical vulnerability in Apache OFBiz versions prior to 24.09.06, classified as CWE-321 (Use of Hard-coded Cryptographic Key). The issue ca…

CVE-2026-41919 is a critical LDAP injection vulnerability (CWE-90) affecting Apache OFBiz versions prior to 24.09.06. The issue allows attackers to manipulate L…