| CVE-2025-35003 | Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. | Apache Software Foundation | Apache NuttX RTOS | - | - | 2025-05-26 10:03:07 | Deep Dive |
| CVE-2025-47436 | Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression | Apache Software Foundation | Apache ORC | - | - | 2025-05-14 13:11:36 | Deep Dive |
| CVE-2025-26864 | Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication | Apache Software Foundation | Apache IoTDB | - | - | 2025-05-14 10:44:13 | Deep Dive |
| CVE-2025-26795 | Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver | Apache Software Foundation | Apache IoTDB JDBC driver | - | - | 2025-05-14 10:43:06 | Deep Dive |
| CVE-2024-24780 | Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function | Apache Software Foundation | Apache IoTDB | - | - | 2025-05-14 10:42:21 | Deep Dive |
| CVE-2025-27696 | Apache Superset: Incorrect authorization leading to resource ownership takeover | Apache Software Foundation | Apache Superset | - | - | 2025-05-13 08:21:21 | Deep Dive |
| CVE-2025-46392 | Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x | Apache Software Foundation | Apache Commons Configuration | - | - | 2025-05-09 09:34:39 | Deep Dive |
| CVE-2025-27533 | Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation | Apache Software Foundation | Apache ActiveMQ | - | - | 2025-05-07 08:59:00 | Deep Dive |
| CVE-2025-46762 | Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata | Apache Software Foundation | Apache Parquet Java | - | - | 2025-05-06 09:08:14 | Deep Dive |
| CVE-2025-31651 | Apache Tomcat: Bypass of rules in Rewrite Valve | Apache Software Foundation | Apache Tomcat | - | - | 2025-04-28 19:17:22 | Deep Dive |
| CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | Apache Software Foundation | Apache Tomcat | - | - | 2025-04-28 19:14:31 | Deep Dive |
| CVE-2025-27820 | Apache HttpComponents: PSL (Public Suffix List) validation bypass | Apache Software Foundation | Apache HttpComponents | High | - | 2025-04-24 11:44:26 | Deep Dive |
| CVE-2025-26413 | Apache Kvrocks: The server was crashed by the negative offset | Apache Software Foundation | Apache Kvrocks | Medium | - | 2025-04-22 07:07:50 | Deep Dive |
| CVE-2025-29953 | Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass | Apache Software Foundation | Apache ActiveMQ NMS OpenWire Client | Medium | - | 2025-04-18 15:23:32 | Deep Dive |
| CVE-2024-56736 | Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss | Apache Software Foundation | Apache HertzBeat | - | - | 2025-04-16 15:38:11 | Deep Dive |
| CVE-2025-24859 | Apache Roller: Insufficient Session Expiration on Password Change | Apache Software Foundation | Apache Roller | - | - | 2025-04-14 08:18:55 | Deep Dive |
| CVE-2025-27391 | Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log | Apache Software Foundation | Apache ActiveMQ Artemis | Medium | - | 2025-04-09 14:42:33 | Deep Dive |
| CVE-2025-31672 | Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names | Apache Software Foundation | Apache POI | Medium | - | 2025-04-09 11:59:34 | Deep Dive |
| CVE-2025-30677 | Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors | Apache Software Foundation | Apache Pulsar IO Kafka Connector | - | - | 2025-04-09 11:58:12 | Deep Dive |
| CVE-2025-30473 | Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection | Apache Software Foundation | Apache Airflow Common SQL Provider | - | - | 2025-04-07 08:31:57 | Deep Dive |