
Apache OFBiz | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs

Risk 42
Severity
6.5
First published (updated )

Apache Apache OFBiz | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

Risk 42
Severity
6.5
First published (updated )

Apache OFBiz | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters

Risk 40
Severity
6.1
First published (updated )

Apache OFBiz | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature

Risk 28
Severity
5.3
First published (updated )

Apache Apache OFBiz | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonation

Risk 28
Severity
5.3
First published (updated )

Apache Apache OFBiz | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass

Risk 42
Severity
6.5
First published (updated )

Apache OFBiz | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Risk 40
Severity
6.1
First published (updated )

Apache Apache OFBiz | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execution

Risk 42
Severity
6.5
First published (updated )

Apache OFBiz | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component

Risk 40
Severity
6.5
First published (updated )

Apache OFBiz | Apache OFBiz: Low-Privilege LFI in Content Component

Risk 40
Severity
6.5
First published (updated )

Apache Commons Configuration | Apache Commons Configuration: StackOverflowError for YAML input with cycles

Risk 28
Severity
5.3
First published (updated )

pypi/apache-airflow-providers-elasticsearch | Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL

Risk 40
Severity
6.5
First published (updated )

pypi/apache-airflow-providers-opensearch | Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

Risk 40
Severity
6.5
First published (updated )

Apache CloudStack | Apache CloudStack: Domain/account resources limits not honored

Risk 40
Severity
6.5
First published (updated )

Apache CloudStack Backup plugin | Apache CloudStack: Any user can create a new VM from backups they should not have access to

Risk 40
Severity
6.5
First published (updated )

Apache CloudStack Backup plugin | Apache CloudStack: Any user can list backups that they should not have access to

Risk 40
Severity
6.5
First published (updated )

Apache wicket | Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager

Risk 42
Severity
6.5
First published (updated )

Apache wicket | Apache Wicket: crafted strings can break out of the JavaScript sequence

Risk 40
Severity
6.1
First published (updated )

Apache Thrift (Rust) | Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Risk 30
Severity
5.3
First published (updated )

Apache HTTP Server | Apache HTTP Server: mod_auth_digest timing attack

Risk 34
Severity
4.8
First published (updated )

Apache HTTP Server | Apache HTTP Server: mod_authn_socache crash

Risk 29
Severity
5.3
First published (updated )

Apache HTTP Server | Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

Risk 42
Severity
6.5
First published (updated )

Apache HTTP Server | Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Risk 29
Severity
5.3
First published (updated )

Apache HTTP Server | Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Risk 29
Severity
5.3
First published (updated )

Apache Neethi | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy referenc…

Risk 19
Severity
4
First published (updated )

Apache Neethi | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy d…

Risk 19
Severity
4
First published (updated )

Apache Apache Neethi | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy n…

Risk 19
Severity
4
First published (updated )

pypi/apache-airflow-providers-smtp | Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider

Risk 35
Severity
5.9
First published (updated )

Apache Thrift | Apache Thrift: c_glib dispatch stack overflow

Risk 30
Severity
5.3
First published (updated )

Apache Thrift | Apache Thrift: C++ JSON OOB read

Risk 42
Severity
6.5
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203