apache
Latest CVEs
The 15 most recently published vulnerabilities affecting apache.
- CVE-2026-49268: Apache Shiro: LDAP DN Injection in DefaultLdapRealm (9.1)
- CVE-2026-47340: Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access. (6.5)
- CVE-2026-32967: Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks (9.1)
- CVE-2026-42357: Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. (6.5)
- CVE-2026-41280: Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects (4.9)
- CVE-2026-32966: Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure (9.8)
- CVE-2026-50203: Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names (9.1)
- CVE-2026-50645: Apache CXF: No restriction on attachment headers per message (7.5)
- CVE-2026-50634: Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry (6.5)
- CVE-2026-50633: Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl (8.1)
- CVE-2026-50632: Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory (8.1)
- CVE-2026-50631: Apache CXF: OAuth2: TOCTOU Race Condition in Refresh Token Processing (7.4)
- CVE-2026-50630: Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection (6.5)
- CVE-2026-50629: Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier (5.3)
- CVE-2026-50628: Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control (9.8)