Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Risk 90
Severity 9.8
First published (updated )

Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering

Risk 90
Severity 9.8
First published (updated )

Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

Risk 90
Severity 9.8
First published (updated )

Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Risk 70
Severity 9.1
First published (updated )

Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injection

Risk 70
Severity 9.1
First published (updated )
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Tomcat: Security constraints not correctly applied

Risk 70
Severity 9.1
First published (updated )

Apache Tomcat: Digest authenticator will authenticate any unknown user

Risk 90
Severity 9.8
First published (updated )

Apache Tomcat: HTTP/2 request headers not validated

Risk 90
Severity 9.8
First published (updated )

Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access

Risk 70
Severity 9.1
First published (updated )

Apache Wicket: possible session fixation using AuthenticatedWebSession

Risk 70
Severity 9.1
First published (updated )

Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()

Risk 90
Severity 9.8
First published (updated )

Apache Polaris: No protection on `write.metadata.path`

Risk 87
Severity 9.4
First published (updated )

Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

Risk 87
Severity 9.4
First published (updated )

Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Risk 87
Severity 9.4
First published (updated )

Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Risk 87
Severity 9.4
First published (updated )

Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader

Risk 90
Severity 9.8
First published (updated )

Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

Risk 70
Severity 9.1
First published (updated )

Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)

Risk 86
Severity 9.8
First published (updated )

Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)

Risk 86
Severity 9.8
First published (updated )

Pony Mail (Lua implementation): Admin account takeover via request smuggling

Risk 90
Severity 9.8
First published (updated )

Apache MINA: CWE-502 Deserialization of Untrusted Data

Risk 90
Severity 9.8
First published (updated )

Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE

Risk 91
Severity 9.8
First published (updated )

Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

Risk 91
Severity 9.8
First published (updated )

Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection

Risk 88
Severity 9.9
First published (updated )

Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

Risk 81
Severity 9.4
First published (updated )

Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

Risk 92
Severity 10
First published (updated )

Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Risk 91
Severity 9.8
First published (updated )

Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

Risk 70
Severity 9.1
First published (updated )

Apache APISIX: forward auth plugin allows header injection

Risk 70
Severity 9.1
First published (updated )

Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

Risk 70
Severity 9.1
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203