Apache Latest Vulnerabilities
Latest vulnerabilities published by Apache
| CVE | Vendor | Product | Score | Severity | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-50645 | Apache | Apache Cxf | 7.5 | HIGH | Apache CXF: No restriction on attachment headers per message |
| CVE-2026-50634 | Apache | Apache Cxf | 6.5 | MEDIUM | Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry |
| CVE-2026-50633 | Apache | Apache Cxf | 8.1 | HIGH | Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl |
| CVE-2026-50632 | Apache | Apache Cxf | 8.1 | HIGH | Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory |
| CVE-2026-50631 | Apache | Apache Cxf | 7.4 | HIGH | Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing |
| CVE-2026-50630 | Apache | Apache Cxf | 6.5 | MEDIUM | Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection |
| CVE-2026-50629 | Apache | Apache Cxf | 5.3 | MEDIUM | Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier |
| CVE-2026-50628 | Apache | Apache Cxf | | | Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control |
| CVE-2026-50627 | Apache | Apache Cxf | | | Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator |
| CVE-2026-49875 | Apache | Apache Cxf | | | Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils |
| CVE-2026-50623 | Apache | Apache Cxf | 6.5 | MEDIUM | Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService |
| CVE-2026-47342 | Apache | Apache Ofbiz | 8.8 | HIGH | Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass |
| CVE-2026-50223 | Apache | Apache Ofbiz | 8.8 | HIGH | Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution |
| CVE-2026-25700 | Apache | Apache Answer | 7.2 | HIGH | Apache Answer: AdminToken not invalidated after admin deactivation |
| CVE-2026-49818 | Apache | Apache Airflow Samba P... | 6.5 | MEDIUM | Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names |
| CVE-2026-34905 | Apache | Apache Answer | 6.5 | MEDIUM | Apache Answer: Unlisted Questions Accessible via Direct API Access |
| CVE-2026-34033 | Apache | Apache Answer | 5.4 | MEDIUM | Apache Answer: HTML Content Injection in Email |
| CVE-2026-34031 | Apache | Apache Answer | 6.5 | MEDIUM | Apache Answer: The custom avatar was not properly validated |
| CVE-2026-33582 | Apache | Apache Answer | 6.5 | MEDIUM | Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error |
| CVE-2026-25699 | Apache | Apache Answer | 6.1 | MEDIUM | Apache Answer: Authorization Bypass in Timeline API |
| CVE-2026-25688 | Apache | Apache Answer | 6.1 | MEDIUM | Apache Answer: XSS in AI Answer Rendering |
| CVE-2026-49975 | Apache | Apache Http Server | 7.5 | HIGH | Apache HTTP Server: mod_http2 denial of service |
| CVE-2026-48913 | Apache | Apache Http Server | 7.3 | HIGH | Apache HTTP Server: mod_http2 memory corruption when file handles exhausted |
| CVE-2026-42536 | Apache | Apache Http Server | 7.5 | HIGH | Apache HTTP Server: mod_xml2enc heap overflow |
| CVE-2026-44185 | Apache | Apache Http Server | 7.3 | HIGH | Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` |