CISA · government feed
Known Exploited Vulnerabilities
Vulnerabilities under active exploitation, mandated by CISA for federal patching.
39 total matches · showing 39
| CVE | Vendor / Product | Vulnerability | Date | Status |
|---|---|---|---|---|
| CVE-2026-34197 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | 2026-04-16 | Active |
| CVE-2024-38475 | Apache HTTP Server | Apache HTTP Server Improper Escaping of Output Vulnerability | 2025-05-01 | Active |
| CVE-2025-24813 | Apache Tomcat | Apache Tomcat Path Equivalence Vulnerability | 2025-04-01 | Active |
| CVE-2024-45195 | Apache OFBiz | Apache OFBiz Forced Browsing Vulnerability | 2025-02-04 | Active |
| CVE-2024-27348 | Apache HugeGraph-Server | Apache HugeGraph-Server Improper Access Control Vulnerability | 2024-09-18 | Active |
| CVE-2024-38856 | Apache OFBiz | Apache OFBiz Incorrect Authorization Vulnerability | 2024-08-27 | Active |
| CVE-2024-32113 | Apache OFBiz | Apache OFBiz Path Traversal Vulnerability | 2024-08-07 | Active |
| CVE-2020-17519 | Apache Flink | Apache Flink Improper Access Control Vulnerability | 2024-05-23 | Active |
| CVE-2023-27524 | Apache Superset | Apache Superset Insecure Default Initialization of Resource Vulnerability | 2024-01-08 | Active |
| CVE-2023-46604 | Apache ActiveMQ | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | 2023-11-02 | Ransomware |
| CVE-2023-33246 | Apache RocketMQ | Apache RocketMQ Command Execution Vulnerability | 2023-09-06 | Active |
| CVE-2016-8735 | Apache Tomcat | Apache Tomcat Remote Code Execution Vulnerability | 2023-05-12 | Active |
| CVE-2021-45046 | Apache Log4j2 | Apache Log4j2 Deserialization of Untrusted Data Vulnerability | 2023-05-01 | Ransomware |
| CVE-2022-33891 | Apache Spark | Apache Spark Command Injection Vulnerability | 2023-03-07 | Active |
| CVE-2022-24112 | Apache APISIX | Apache APISIX Authentication Bypass Vulnerability | 2022-08-25 | Active |
| CVE-2022-24706 | Apache CouchDB | Apache CouchDB Insecure Default Initialization of Resource Vulnerability | 2022-08-25 | Active |
| CVE-2013-2251 | Apache Struts | Apache Struts Improper Input Validation Vulnerability | 2022-03-25 | Active |
| CVE-2017-12615 | Apache Tomcat | Apache Tomcat on Windows Remote Code Execution Vulnerability | 2022-03-25 | Ransomware |
| CVE-2017-12617 | Apache Tomcat | Apache Tomcat Remote Code Execution Vulnerability | 2022-03-25 | Active |
| CVE-2020-1956 | Apache Kylin | Apache Kylin OS Command Injection Vulnerability | 2022-03-25 | Active |
| CVE-2020-1938 | Apache Tomcat | Apache Tomcat Improper Privilege Management Vulnerability | 2022-03-03 | Active |
| CVE-2016-3088 | Apache ActiveMQ | Apache ActiveMQ Improper Input Validation Vulnerability | 2022-02-10 | Active |
| CVE-2017-9791 | Apache Struts 1 | Apache Struts 1 Improper Input Validation Vulnerability | 2022-02-10 | Active |
| CVE-2012-0391 | Apache Struts 2 | Apache Struts 2 Improper Input Validation Vulnerability | 2022-01-21 | Active |
| CVE-2006-1547 | Apache Struts 1 | Apache Struts 1 ActionForm Denial-of-Service Vulnerability | 2022-01-21 | Active |
| CVE-2020-13927 | Apache Airflow's Experimental API | Apache Airflow's Experimental API Authentication Bypass | 2022-01-18 | Active |
| CVE-2020-11978 | Apache Airflow | Apache Airflow Command Injection | 2022-01-18 | Active |
| CVE-2021-44228 | Apache Log4j2 | Apache Log4j2 Remote Code Execution Vulnerability | 2021-12-10 | Ransomware |
| CVE-2019-0193 | Apache Solr | Apache Solr DataImportHandler Code Injection Vulnerability | 2021-12-10 | Active |
| CVE-2021-40438 | Apache Apache | Apache HTTP Server-Side Request Forgery (SSRF) | 2021-12-01 | Active |
| CVE-2018-11776 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2017-5638 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | 2021-11-03 | Ransomware |
| CVE-2020-17530 | Apache Struts | Apache Struts Remote Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2019-17558 | Apache Solr | Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2016-4437 | Apache Shiro | Apache Shiro Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2019-0211 | Apache HTTP Server | Apache HTTP Server Privilege Escalation Vulnerability | 2021-11-03 | Active |
| CVE-2021-41773 | Apache HTTP Server | Apache HTTP Server Path Traversal Vulnerability | 2021-11-03 | Ransomware |
| CVE-2021-42013 | Apache HTTP Server | Apache HTTP Server Path Traversal Vulnerability | 2021-11-03 | Ransomware |
| CVE-2017-9805 | Apache Struts | Apache Struts Deserialization of Untrusted Data Vulnerability | 2021-11-03 | Active |