Vulnerabilities in Apache Software Foundation
1,872 results

CVE | Severity | Title | EPSS
CVE-2021-30641 | — | Unexpected URL matching with 'MergeSlashes OFF' | 52.3%
CVE-2018-8011 | — | mod_md, DoS via Coredumps on specially crafted requests | 51.7%
CVE-2023-28709 | — | Apache Tomcat: Fix for CVE-2023-24998 is incomplete | 51.5%
CVE-2021-31618 | — | NULL pointer dereference on specially crafted HTTP/2 request | 51.2%
CVE-2018-11763 | — | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU | 51.0%
CVE-2021-33035 | — | Buffer overflow from a crafted DBF file | 50.6%
CVE-2022-23943 | — | mod_sed: Read/write beyond bounds | 50.4%
CVE-2020-17518 | — | Apache Flink directory traversal attack: remote file writing through the REST API | 50.0%
CVE-2025-61622 | CRITICAL | Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory | 49.5%
CVE-2020-13950 | — | mod_proxy_http NULL pointer dereference | 49.1%
CVE-2016-0736 | — | In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly | 49.0%
CVE-2024-25065 | CRITICAL | Apache OFBiz: Path traversal allowing authentication bypass. | 47.7%
CVE-2023-24998 | — | Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts | 46.8%
CVE-2021-33193 | — | Request splitting via HTTP/2 method injection and mod_proxy | 46.2%
CVE-2018-1323 | — | The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to | 44.2%
CVE-2018-1306 | — | The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain se | 43.9%
CVE-2024-52012 | MEDIUM | Apache Solr: Configset upload on Windows allows arbitrary path write-access | 43.3%
CVE-2020-13954 | — | Apache CXF Reflected XSS in the services listing page via the styleSheetPath | 43.0%
CVE-2026-23918 | HIGH | Apache HTTP Server: http2: double free and possible RCE on early reset | 42.8%
CVE-2024-50379 | CRITICAL | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | 42.3%