Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Tag: apache Clear
ID Title
CVE-2026-41042 Vulnerability in apache (CVE-2026-41042)
vulnerability in apache (CVE-2026-41042). Risk of unauthorized operations or information disclosure.
CVE-2026-23698 Unrestricted File Upload in apache (CVE-2026-23698)
vulnerability in apache (CVE-2026-23698). Successful exploitation can lead to full system takeover.
CVE-2026-23697 Unrestricted File Upload in apache (CVE-2026-23697)
vulnerability in apache (CVE-2026-23697). Successful exploitation can lead to full system takeover.
CVE-2026-43825 Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
CVE-2026-56139 Vulnerability in apache (CVE-2026-56139)
vulnerability in apache (CVE-2026-56139). Risk of unauthorized operations or information disclosure.
CVE-2026-49365 Vulnerability in apache (CVE-2026-49365)
vulnerability in apache (CVE-2026-49365). Risk of unauthorized operations or information disclosure.
CVE-2026-49098 Vulnerability in c (CVE-2026-49098)
vulnerability in c (CVE-2026-49098). Risk of unauthorized operations or information disclosure.
CVE-2026-46590 Unsafe Deserialization in apache (CVE-2026-46590)
vulnerability in apache (CVE-2026-46590). Successful exploitation can lead to full system takeover.
CVE-2026-42527 Unsafe Deserialization in csharp (CVE-2026-42527)
vulnerability in csharp (CVE-2026-42527). Successful exploitation can lead to full system takeover.
CVE-2026-40859 Unsafe Deserialization in apache (CVE-2026-40859)
vulnerability in apache (CVE-2026-40859). Successful exploitation can lead to full system takeover.
CVE-2026-40047 Vulnerability in apache (CVE-2026-40047)
vulnerability in apache (CVE-2026-40047). Confidential information can be exposed externally. Exploitable via ``docling``.
CVE-2026-43867 Unsafe Deserialization in apache (CVE-2026-43867)
vulnerability in apache (CVE-2026-43867). Successful exploitation can lead to full system takeover.
CVE-2026-43866 Unsafe Deserialization in apache (CVE-2026-43866)
vulnerability in apache (CVE-2026-43866). Risk of unauthorized operations or information disclosure.
CVE-2026-46453 Vulnerability in apache (CVE-2026-46453)
vulnerability in apache (CVE-2026-46453). Risk of unauthorized operations or information disclosure.
CVE-2026-43865 Unsafe Deserialization in csharp (CVE-2026-43865)
vulnerability in csharp (CVE-2026-43865). Successful exploitation can lead to full system takeover.
CVE-2026-24012 Vulnerability in apache (CVE-2026-24012)
vulnerability in apache (CVE-2026-24012). Risk of unauthorized operations or information disclosure.
CVE-2026-47896 Path Traversal in csharp (CVE-2026-47896)
path traversal in csharp (CVE-2026-47896). Confidential information can be exposed externally.
CVE-2026-47898 XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Risk of unauthorized operations or information disclosure.
CVE-2026-47897 Path Traversal in csharp (CVE-2026-47897)
path traversal in csharp (CVE-2026-47897). Risk of unauthorized operations or information disclosure.
CVE-2026-52760 Cross-Site Scripting (XSS) in apache (CVE-2026-52760)
cross-site scripting in apache (CVE-2026-52760). Risk of unauthorized operations or information disclosure.
CVE-2026-48946 Unrestricted File Upload in apache (CVE-2026-48946)
vulnerability in apache (CVE-2026-48946). Risk of unauthorized operations or information disclosure. Exploitable via ``shell.php``.
CVE-2026-49257 Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-41000 Vulnerability in c (CVE-2026-41000)
vulnerability in c (CVE-2026-41000). Risk of unauthorized operations or information disclosure.
CVE-2026-45569 Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
CVE-2026-45566 Open Redirect in nginx (CVE-2026-45566)
vulnerability in nginx (CVE-2026-45566). Risk of unauthorized operations or information disclosure.
CVE-2026-45564 OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
CVE-2026-45558 Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
CVE-2026-45560 Cross-Site Scripting (XSS) in c (CVE-2026-45560)
cross-site scripting in c (CVE-2026-45560). Risk of unauthorized operations or information disclosure.
CVE-2026-25699 Vulnerability in c (CVE-2026-25699)
vulnerability in c (CVE-2026-25699). Risk of unauthorized operations or information disclosure.
CVE-2026-50076 Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
CVE-2026-47065 Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
CVE-2026-45426 Authorization Flaw in apache-airflow (CVE-2026-45426)
vulnerability in apache-airflow (CVE-2026-45426). Risk of unauthorized operations or information disclosure. Exploitable via ``sub``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-40961 Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2026-48207 Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
CVE-2018-25324 Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
CVE-2026-41258 Code Injection in org.openmrs.api:openmrs-api (CVE-2026-41258)
code injection in org.openmrs.api:openmrs-api (CVE-2026-41258). Successful exploitation can lead to full system takeover. Exploitable via ``VelocityEngine``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-35194 Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
CVE-2026-6722 Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-44966 Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
CVE-2013-10075 Vulnerability in apache (CVE-2013-10075)
vulnerability in apache (CVE-2013-10075). Confidential information can be exposed externally.
CVE-2026-40682 XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-27172 Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
CVE-2026-40858 Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
CVE-2026-40473 Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
CVE-2026-40048 Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
CVE-2026-25747 Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
CVE-2023-48795 Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
CVE-2023-44487 KEV [KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
CVE-2022-36124 Vulnerability in apache-avro (CVE-2022-36124)
vulnerability in apache-avro (CVE-2022-36124). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →