Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how apache compares to other vendors in security performance

View Risk Score →

Apache OFBizApache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution

Risk 83
Severity
8.8
First published (updated )
CVE-2026-46586

Apache OFBizApache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File Access

Risk 46
Severity
7.5
First published (updated )
CVE-2026-31910

Apache Apache OFBizApache OFBiz: Unauthenticated Shipment Label Image Disclosure

Risk 46
Severity
7.5
First published (updated )
CVE-2026-31909

Apache OFBizApache OFBiz: Low-Privilege SSRF in Content Component

Risk 51
Severity
7.3
First published (updated )
CVE-2026-29226

Apache FlinkApache Flink: Remote code execution via SQL injection in code generation

Risk 63
Severity
8.1
First published (updated )
CVE-2026-35194
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatApache Tomcat: LockOutRealm treats user names as case-sensitive

Risk 46
Severity
7.5
First published (updated )
CVE-2026-43513

Apache TomcatApache Tomcat: WebSocket authentication header exposure

Risk 54
Severity
7.3
First published (updated )
CVE-2026-42498

Apache TomcatApache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Risk 46
Severity
7.5
First published (updated )
CVE-2026-41284

Apache CloudStackApache CloudStack: Unauthenticated Command Injection in Direct Download Templates

Risk 83
Severity
8.8
First published (updated )
CVE-2026-25077

Apache CloudStackApache CloudStack: MinIO policy remains intact on bucket deletion

Risk 63
Severity
8.1
First published (updated )
CVE-2025-66467
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache CloudStackApache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to

Risk 63
Severity
8.1
First published (updated )
CVE-2025-66172

Apache wicketApache Wicket: crafted URLs can bypass PackageResourceGuard

Risk 46
Severity
7.5
First published (updated )
CVE-2026-43646

Apache HTTP ServerApache HTTP Server: mod_md unrestricted OCSP response

Risk 54
Severity
7.3
First published (updated )
CVE-2026-29168

Apache ThriftApache Thrift: Node.js web_server.js multi-vulnerability

Risk 54
Severity
7.3
First published (updated )
CVE-2026-43870

Apache ThriftApache Thrift: TSSLTransportFactory.java hostname verification

Risk 54
Severity
7.3
First published (updated )
CVE-2026-43869
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache HTTP ServerApache HTTP Server: mod_dav_lock indirect lock crash

Risk 46
Severity
7.5
Trending
Month
First published (updated )
CVE-2026-29169

Apache HTTP ServerApache HTTP Server: http2: double free and possible RCE on early reset

Risk 84
Severity
8.8
First published (updated )
CVE-2026-23918

Apache HTTP ServerApache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Risk 46
Severity
7.5
First published (updated )
CVE-2026-34059

Apache HTTP ServerApache HTTP Server: mod_rewrite elevation of privileges via ap_expr

Risk 84
Severity
8.8
First published (updated )
CVE-2026-24072

Apache AtlasApache Atlas: Script injection allows access to unintended data

Risk 63
Severity
8.1
First published (updated )
CVE-2026-40563
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache OpenNLPApache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader

Risk 46
Severity
7.5
First published (updated )
CVE-2026-42440

Apache NeethiApache Neethi: Unrestricted HTTP Redirect Following in Policy References

Risk 47
Severity
7.2
First published (updated )
CVE-2026-42404

Apache NeethiApache Neethi: Policy Normalization Unbounded Resource Allocation DoS

Risk 46
Severity
7.5
First published (updated )
CVE-2026-42402

Apache NeethiApache Neethi: Circular Policy Reference Infinite Loop

Risk 46
Severity
7.5
First published (updated )
CVE-2026-42403

Apache Thrift c_glibApache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Risk 46
Severity
7.5
First published (updated )
CVE-2025-48431
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache ThriftApache Thrift: Java TSSLTransportFactory hostname verification

Risk 60
Severity
7.4
First published (updated )
CVE-2026-41603

Apache ThriftApache Thrift: Go TFramedTransport uint32 overflow

Risk 46
Severity
7.5
First published (updated )
CVE-2026-41602

Apache ThriftApache Thrift: Swift Range crash in skip()

Risk 57
Severity
8.2
First published (updated )
CVE-2026-41604

Apache ThriftApache Thrift: Swift Compact Protocol integer overflow

Risk 54
Severity
7.3
First published (updated )
CVE-2026-41605

Apache ThriftApache Thrift: Node.js skip() recursion

Risk 50
Severity
8.7
First published (updated )
CVE-2026-41636
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203