Apache Latest High Vulnerabilities

Privilege Escalation Vulnerability in Apache Cassandra

CVE-2025-23015

ApacheApache Cassandra8.8HIGH

Pseudo-Random Number Generator Flaw in Apache Cocoon by Apache

CVE-2025-24783

ApacheApache Cocoon7.5HIGH

SSRF Vulnerability in Apache Ranger UI Version 2.4.0

CVE-2024-45479

ApacheApache Ranger9.1CRITICAL

Remote Code Injection Vulnerability in Apache Ambari Metrics by Apache

CVE-2024-51941

ApacheApache Ambari8.8HIGH

XML External Entity Vulnerability in Apache Ambari and Oozie

CVE-2025-23195

ApacheApache Ambari7.5HIGH

Code Injection Vulnerability in Ambari Alert Definition by Apache

CVE-2025-23196

ApacheApache Ambari8.8HIGH

Insufficient Session Expiration in Apache Airflow Fab Provider

CVE-2024-45033

ApacheApache Airflow Fab Pro...8.1HIGH

Deserialization Vulnerability in Apache OpenMeetings by The Apache Software Foundation

CVE-2024-54676

ApacheApache Openmeetings9.8CRITICAL

Remote Code Execution Risk in Apache MINA ObjectSerializationDecoder

CVE-2024-52046

ApacheApache Mina🥇📈10CRITICAL

SQL Injection Vulnerability in Apache Traffic Control

CVE-2024-45387

ApacheApache Traffic Control📈💰👾🟡📰9.9CRITICAL

Race Condition Vulnerability in Apache Tomcat Affects Multiple Versions

CVE-2024-56337

ApacheApache Tomcat🥇📈👾🟡📰9.8CRITICAL

Race Condition Vulnerability in Apache Tomcat Leading to Remote Code Execution

CVE-2024-50379

ApacheApache Tomcat🥇📈👾🟡📰9.8CRITICAL

Unchecked Error Condition Vulnerability Affects Apache Tomcat

CVE-2024-52316

ApacheApache Tomcat👾🟡9.8CRITICAL

Security Flaw Allowing Malicious Template Registration in Apache CloudStack

CVE-2024-50386

ApacheApache CloudStack9.9CRITICAL

Allocation of Resources Without Limits or Throttling Vulnerability Affects Multiple Apache Tomcat Versions

CVE-2024-38286

ApacheApache Tomcat8.6HIGH

Attackers Can Trick Users into Submitting Malicious CSRF Requests, Leading to Privilege Escalation and Data Exposure

CVE-2024-45693

Apache CloudStackCloudstack8.8HIGH

Unexpected Session Expiration Vulnerability Affects CloudStack Users

CVE-2024-45462

Apache CloudStackCloudstack7.1HIGH

Arbitrary File Write Vulnerability in ActiveMQ Artemis Could Lead to RCE

CVE-2023-50780

ApacheApache ActiveMQ Artemis👾🟡8.8HIGH

Deserialization of Untrusted Data Vulnerability Affecting Apache Lucene Replicator

CVE-2024-45772

ApacheApache Lucene Replicator8HIGH

Unintended Publishing of Sensitive Information in Maven Artifact

CVE-2024-47197

ApacheMaven Archetype Plugin7.5HIGH

Deserialization Vulnerability in Apache Seata by Apache

CVE-2024-22399

ApacheSeata9.8CRITICAL

Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack

CVE-2024-45195

ApacheApache Ofbiz👾🟡🦅📰7.5HIGH

Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz

CVE-2024-45507

ApacheApache Ofbiz📈EPSS 65%9.8CRITICAL

MySQL Security Vulnerability in Apache SeaTunnel

CVE-2023-49198

ApacheApache Seatunnel Web7.5HIGH

GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}

CVE-2024-42361

ApacheHertzbeat9.8CRITICAL

Vulnerability Published:

Sort By:

4 February 2025

Privilege Escalation Vulnerability in Apache Cassandra

27 January 2025

Pseudo-Random Number Generator Flaw in Apache Cocoon by Apache

21 January 2025

SSRF Vulnerability in Apache Ranger UI Version 2.4.0

Remote Code Injection Vulnerability in Apache Ambari Metrics by Apache

XML External Entity Vulnerability in Apache Ambari and Oozie

Code Injection Vulnerability in Ambari Alert Definition by Apache

8 January 2025

Insufficient Session Expiration in Apache Airflow Fab Provider

Deserialization Vulnerability in Apache OpenMeetings by The Apache Software Foundation

25 December 2024

Remote Code Execution Risk in Apache MINA ObjectSerializationDecoder

23 December 2024

SQL Injection Vulnerability in Apache Traffic Control

20 December 2024

Race Condition Vulnerability in Apache Tomcat Affects Multiple Versions

17 December 2024

Race Condition Vulnerability in Apache Tomcat Leading to Remote Code Execution

18 November 2024

Unchecked Error Condition Vulnerability Affects Apache Tomcat

12 November 2024

Security Flaw Allowing Malicious Template Registration in Apache CloudStack

7 November 2024

Allocation of Resources Without Limits or Throttling Vulnerability Affects Multiple Apache Tomcat Versions

16 October 2024

Attackers Can Trick Users into Submitting Malicious CSRF Requests, Leading to Privilege Escalation and Data Exposure

Unexpected Session Expiration Vulnerability Affects CloudStack Users

14 October 2024

Arbitrary File Write Vulnerability in ActiveMQ Artemis Could Lead to RCE

30 September 2024

Deserialization of Untrusted Data Vulnerability Affecting Apache Lucene Replicator

26 September 2024

Unintended Publishing of Sensitive Information in Maven Artifact

16 September 2024

Deserialization Vulnerability in Apache Seata by Apache

4 September 2024

Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack

Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz

21 August 2024

MySQL Security Vulnerability in Apache SeaTunnel

20 August 2024

GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull}