Live Latest activity →

Intel·Advanced Psychiatry Associates Hit by Everest (May 2026)

Apache Vulnerabilities

Track Apache vulnerabilities including HTTP Server, Tomcat, Struts, and more. 30 CVE advisories sorted by CVSS score.

30

Total CVEs

13

Critical

17

High

CVE Advisories

Camel CoAP unauthenticated RCE (CVE-2026-33453) [PoC]

Azure Cassandra RCE, low-privilege (CVE-2026-33109)

Apache Camel JMS header bypass RCE (CVE-2026-40453)

Apache MINA IoBuffer RCE, patch bypass (CVE-2026-42778) [PoC]

MINA unauthenticated RCE via bad fix (CVE-2026-42779) [PoC]

Pony Mail admin takeover (CVE-2026-41873)

Camel deserialization RCE via JMS (CVE-2026-40860)

Apache MINA unauth RCE via deserialization (CVE-2026-41409)

Apache MINA unauth RCE via deserialization (CVE-2026-41635)

Apache RCE Vulnerability (CVE-2025-59059)

Apache Camel header injection via email (CVE-2026-33454)

Wicket session fixation, no patch yet (CVE-2026-40010)

Kafka OAuth JWT bypass grants unauth access (CVE-2026-33557)

Camel MINA unauthenticated RCE (CVE-2026-40473)

Camel RCE via deserialization (CVE-2026-40858)

ActiveMQ code injection after auth bypass (CVE-2026-40466)

ActiveMQ RCE via Spring XML (CVE-2026-41044)

Airflow webserver code execution by Dag Authors (CVE-2026-33858)

Storm RCE via Kerberos credential deserialization (CVE-2026-35337)

ActiveMQ RCE exploited in the wild (CVE-2026-34197) [PoC]

Apache Thrift OOB read leaks data (CVE-2026-41604)

Apache DolphinScheduler tenant bypass (CVE-2026-23902)

Airflow lets tasks read HITL data (CVE-2026-30911)

Neethi denial of service via XML (CVE-2026-42402)

Apache Neethi stack overflow via circular refs (CVE-2026-42403)

Apache Thrift c_glib server crash (CVE-2025-48431)

Apache Thrift integer overflow crash (CVE-2026-41602)

Apache Thrift Node.js stack overflow (CVE-2026-41636)

ActiveMQ TLSv1.3 memory DoS (CVE-2026-39304)

Airflow session token hijack (CVE-2026-28779)

Related News

Apache ActiveMQ CVE-2026-34197 added to CISA KEV catalo

Browse all vendors