VYPR

Vendor CVEs

Apache

All CVEs

2,550 total · sorted by risk
  • CVE-2013-10075CriMay 8, 2026
    risk 0.59cvss 9.1epss 0.00

    Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to…

  • CVE-2026-5081CriMay 6, 2026
    risk 0.59cvss 9.1epss 0.00

    Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the…

  • CVE-2026-40010CriMay 6, 2026
    risk 0.59cvss 9.1epss 0.00

    Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended…

  • CVE-2026-40682CriMay 4, 2026
    risk 0.59cvss 9.1epss 0.00

    XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling…

  • CVE-2026-40466HigApr 24, 2026
    risk 0.59cvss 8.8epss 0.04

    Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery…

  • CVE-2025-40931CriMar 5, 2026
    risk 0.59cvss 9.1epss 0.01

    Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID.…

  • CVE-2019-17571CriDec 20, 2019
    risk 0.59cvss 9.8epss 0.69

    Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects…

  • CVE-2017-9798HigSep 18, 2017
    risk 0.59cvss 7.5epss 0.95

    Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through…

  • CVE-2026-33453CriApr 27, 2026
    risk 0.58cvss 10.0epss 0.05

    Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP…

  • CVE-2018-1331HigJul 10, 2018
    risk 0.58cvss 8.8epss 0.04

    In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

  • CVE-2018-10583HigMay 1, 2018
    risk 0.58cvss 7.5epss 0.79

    An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content…

  • CVE-2017-5641CriDec 28, 2017
    risk 0.58cvss 9.8epss 0.21

    Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types…

  • CVE-2016-3090HigOct 30, 2017
    risk 0.58cvss 8.8epss 0.06

    The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

  • CVE-2016-4461HigOct 16, 2017
    risk 0.58cvss 8.8epss 0.08

    Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.

  • CVE-2017-5637HigOct 10, 2017
    risk 0.58cvss 7.5epss 0.74

    Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue,…

  • CVE-2016-8744HigSep 13, 2017
    risk 0.58cvss 8.8epss 0.04

    Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type…

  • CVE-2016-4462HigAug 30, 2017
    risk 0.58cvss 8.8epss 0.04

    By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade…

  • CVE-2017-9799HigAug 9, 2017
    risk 0.58cvss 8.8epss 0.05

    It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could…

  • CVE-2017-6891HigMay 22, 2017
    risk 0.58cvss 8.8epss 0.06

    Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

  • CVE-2016-8749CriMar 28, 2017
    risk 0.58cvss 9.8epss 0.11

    Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.

  • CVE-2016-8740HigDec 5, 2016
    risk 0.58cvss 7.5epss 0.79

    The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in…

  • CVE-2016-4438CriJul 4, 2016
    risk 0.58cvss 9.8epss 0.17

    The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

  • CVE-2015-5351HigFeb 25, 2016
    risk 0.58cvss 8.8epss 0.09

    The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a…

  • CVE-2026-50223HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects…

  • CVE-2026-47342HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.00

    A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue.

  • CVE-2026-44631CriJun 8, 2026
    risk 0.57cvss 9.8epss 0.00

    Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

  • CVE-2026-29167CriJun 8, 2026
    risk 0.57cvss 9.8epss 0.01

    Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

  • CVE-2026-49157HigJun 1, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin (low-privilege) web-login accounts access to Jolokia operations which…

  • CVE-2026-45505HigJun 1, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as `masterslave:vm://...,...` and `static:vm://...` incorrectly pass…

  • CVE-2026-48207CriMay 21, 2026
    risk 0.57cvss 9.8epss 0.01

    Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data…

  • CVE-2026-46586HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version…

  • CVE-2026-43512CriMay 12, 2026
    risk 0.57cvss 9.8epss 0.01

    DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.…

  • CVE-2026-41293CriMay 12, 2026
    risk 0.57cvss 9.8epss 0.01

    Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users…

  • CVE-2026-25077HigMay 8, 2026
    risk 0.57cvss 8.8epss 0.01

    Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM…

  • CVE-2026-28780CriMay 5, 2026
    risk 0.57cvss 9.8epss 0.01

    Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap…

  • CVE-2026-42812CriMay 4, 2026
    risk 0.57cvss 9.9epss 0.00

    In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table…

  • CVE-2026-42811CriMay 4, 2026
    risk 0.57cvss 9.9epss 0.00

    In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage…

  • CVE-2026-42810CriMay 4, 2026
    risk 0.57cvss 9.9epss 0.00

    Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM…

  • CVE-2026-42809CriMay 4, 2026
    risk 0.57cvss 9.9epss 0.00

    Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but…

  • CVE-2026-42779CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at…

  • CVE-2026-42778CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.01

    The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was…

  • CVE-2026-41409CriApr 27, 2026
    risk 0.57cvss 9.8epss 0.00

    The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are…

  • CVE-2026-41635CriApr 27, 2026
    risk 0.57cvss 9.8epss 0.01

    Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in…

  • CVE-2026-40453CriApr 27, 2026
    risk 0.57cvss 9.9epss 0.01

    The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP…

  • CVE-2026-41044HigApr 24, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses…

  • CVE-2022-45047CriNov 16, 2022
    risk 0.57cvss 9.8epss 0.04

    Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for…

  • CVE-2022-23307HigJan 18, 2022
    risk 0.57cvss 8.8epss 0.52

    CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

  • CVE-2022-23305CriJan 18, 2022
    risk 0.57cvss 9.8epss 0.67

    By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering…

  • CVE-2022-23302HigJan 18, 2022
    risk 0.57cvss 8.8epss 0.62

    JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a…

  • CVE-2018-8027CriJul 31, 2018
    risk 0.57cvss 9.8epss 0.06

    Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

Page 3 of 51