Apache Software Foundation
Latest CVEs
The 15 most recently published vulnerabilities affecting Apache Software Foundation.
- CVE-2025-53648 | Apache Gravitino: SQL misconfiguration can access or truncate files | 5.4
- CVE-2026-49434 | Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker | 7.5
- CVE-2026-49432 | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service | 7.5
- CVE-2026-49877 | Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console | 8.1
- CVE-2026-50734 | Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation | 7.5
- CVE-2026-50750 | Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire DoS following fix for CVE-2026-49270 | 7.5
- CVE-2026-52760 | Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console | 6.1
- CVE-2026-53916 | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec | 7.5
- CVE-2026-53917 | Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling | 7.5
- CVE-2026-54475 | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover | 7.5
- CVE-2026-55957 | Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind | 7.3
- CVE-2026-55956 | Apache Tomcat: Security constraints for default servlet ignored method | 6.5
- CVE-2026-55955 | Apache Tomcat: EncryptInterceptor not protected against replay attacks | 6.5
- CVE-2026-55276 | Apache Tomcat: Logged effective web.xml is incomplete | 9.1
- CVE-2026-53434 | Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector | 9.1