apache
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting apache.
- CVE-2025-53648Apache Gravitino: SQL misconfiguration can access or truncate files5.4
- CVE-2026-49486Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)7.5
- CVE-2025-62198Apache Atlas: Stored XSS in Create Entity page5.4
- CVE-2026-44914Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents7.2
- CVE-2026-44911Apache NiFi: Incorrect Authorization for Configuration Verification Requests6.3
- CVE-2026-44913Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL7.2
- CVE-2026-54665Apache NiFi: Missing Validation for Proxy Host Headers5.3
- CVE-2025-66336Apache Doris MCP Server: SQL injection leading the authentication bypass8.1
- CVE-2026-49872Apache APISIX: Improper authentication in cas-auth plugin8.1
- CVE-2026-49871Apache APISIX: cas-auth login CSRF / session injection issue9.3
- CVE-2026-47341Apache APISIX: Session replay issue in hmac-auth6.5
- CVE-2026-48895Apache APISIX: Cas-auth Host header influence on CAS service URL7.2
- CVE-2026-49231Apache APISIX: Identity spoofing issue in APISIX opa plugin5.4
- CVE-2026-49230Apache APISIX: Authentication bypass in jwe-decrypt9.1
- CVE-2026-44915Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value6.1