| CVE-2025-30177 | Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering | Apache Software Foundation | Apache Camel | Medium | - | 2025-04-01 11:56:30 | Deep Dive |
| CVE-2024-56325 | Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required | Apache Software Foundation | Apache Pinot | - | - | 2025-04-01 09:07:14 | Deep Dive |
| CVE-2025-29868 | Apache Answer: Using externally referenced images can leak user privacy. | Apache Software Foundation | Apache Answer | Medium | - | 2025-04-01 07:56:29 | Deep Dive |
| CVE-2025-30065 | Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata | Apache Software Foundation | Apache Parquet Java | - | - | 2025-04-01 07:53:43 | Deep Dive |
| CVE-2025-27427 | Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission | Apache Software Foundation | Apache ActiveMQ Artemis | Medium | - | 2025-04-01 07:27:00 | Deep Dive |
| CVE-2025-30067 | Apache Kylin: The remote code execution via jdbc url | Apache Software Foundation | Apache Kylin | - | - | 2025-03-27 15:06:37 | Deep Dive |
| CVE-2024-48944 | Apache Kylin: SSRF vulnerability in the diagnosis api | Apache Software Foundation | Apache Kylin | - | - | 2025-03-27 15:05:57 | Deep Dive |
| CVE-2024-53679 | Apache VCL: XSS vulnerability in User Lookup impacting user privileges | Apache Software Foundation | Apache VCL | - | - | 2025-03-25 09:33:44 | Deep Dive |
| CVE-2024-53678 | Apache VCL: SQL injection vulnerability in New Block Allocation form | Apache Software Foundation | Apache VCL | - | - | 2025-03-25 09:33:36 | Deep Dive |
| CVE-2025-27553 | Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT | Apache Software Foundation | Apache Commons VFS | Medium | - | 2025-03-23 14:16:20 | Deep Dive |
| CVE-2025-30474 | Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message | Apache Software Foundation | Apache Commons VFS | High | - | 2025-03-23 14:15:51 | Deep Dive |
| CVE-2025-26796 | Apache Oozie: XSS in Oozie Web Console | Apache Software Foundation | Apache Oozie | Medium | - | 2025-03-22 12:23:19 | Deep Dive |
| CVE-2021-25635 | Content Manipulation with Certificate Validation Attack | The Document Foundation | LibreOffice | Medium | - | 2025-03-21 14:52:50 | Deep Dive |
| CVE-2025-27888 | Apache Druid: Server-Side Request Forgery and Cross-Site Scripting | Apache Software Foundation | Apache Druid | High | - | 2025-03-20 11:29:01 | Deep Dive |
| CVE-2024-54016 | compression bomb attack in Apache Seata Server | Apache Software Foundation | Apache Seata (incubating) | Medium | - | 2025-03-20 08:59:26 | Deep Dive |
| CVE-2024-47552 | Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server | Apache Software Foundation | Apache Seata (incubating) | Critical | - | 2025-03-20 08:58:01 | Deep Dive |
| CVE-2025-27018 | Apache Airflow MySQL Provider: SQL injection in MySQL provider core function | Apache Software Foundation | Apache Airflow MySQL Provider | Medium | - | 2025-03-19 09:06:07 | Deep Dive |
| CVE-2025-27017 | Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record | Apache Software Foundation | Apache NiFi | Medium | - | 2025-03-12 16:19:45 | Deep Dive |
| CVE-2025-27867 | Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin | Apache Software Foundation | Apache Felix HTTP Webconsole Plugin | Medium | - | 2025-03-12 15:51:25 | Deep Dive |
| CVE-2025-29891 | Apache Camel: Camel Message Header Injection through request parameters | Apache Software Foundation | Apache Camel | Medium | - | 2025-03-12 14:43:00 | Deep Dive |