Apache

2,736 tracked vulnerabilities.

CVE-2024-45217 HIGH
Apache Solr - Insecure Default Initialization of Resource
Oct 16, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-45216 CRITICALNUCLEI
Apache Solr - Auth Bypass
Oct 16, 2024
CVSS 9.8
EPSS 0.94
CVE-2023-50780 HIGH
Apache Activemq Artemis < 2.29.0 - Improper Authorization
Oct 14, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-46911 MEDIUM
Apache Roller < 6.1.4 - CSRF
Oct 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-45720 HIGH
Apache Subversion < 1.14.4 - OS Command Injection
Oct 09, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-28168 HIGH
Apache Formatting Objects Processor < 2.10 - XXE
Oct 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47554 MEDIUM
Apache Commons IO <2.14.0 - DoS
Oct 03, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47561 HIGH
Apache Avro <1.11.4-1.12.0 - RCE
Oct 03, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-45772 MEDIUM
Apache Lucene Replicator < 9.12.0 - Insecure Deserialization
Sep 30, 2024
CVSS 5.1
EPSS 0.00
CVE-2024-47197 HIGH
Maven Archetype Plugin <3.3.0 - Info Disclosure
Sep 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-40761 MEDIUM
Apache Answer <1.3.5 - Info Disclosure
Sep 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-23454 MEDIUM
Apache Hadoop - Info Disclosure
Sep 25, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-39928 HIGH
Apache Linkis < 1.6.0 - Weak Encryption
Sep 25, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-46544 MEDIUM
Apache Tomcat Connectors < 1.2.50 - Incorrect Default Permissions
Sep 23, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-42323 HIGH
Apache Hertzbeat < 1.6.0 - Insecure Deserialization
Sep 21, 2024
CVSS 8.8
EPSS 0.76
CVE-2024-45537 MEDIUM
Apache Druid - SSRF
Sep 17, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45384 MEDIUM
Apache Druid <30.0.0 - Padding Oracle
Sep 17, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-22399 CRITICAL
Apache Seata <2.1.0-1.8.1 - Deserialization
Sep 16, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-45498 HIGH
Apache Airflow <2.10.0 - Command Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-45034 HIGH
Apache Airflow <2.10.1 - Code Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-45507 CRITICALNUCLEI
Apache OFBiz <18.12.16 - SSRF/Code Injection
Sep 04, 2024
CVSS 9.8
EPSS 0.90
CVE-2024-45195 HIGHKEVNUCLEI
Apache OFBiz <18.12.16 - Info Disclosure
Sep 04, 2024
CVSS 7.5
EPSS 0.94
CVE-2023-49582 MEDIUM
Apache Portable Runtime < 1.7.5 - Incorrect Permission Assignment
Aug 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-41937 MEDIUM
Apache Airflow < 2.10.0 - XSS
Aug 21, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-49198 HIGH
Apache SeaTunnel <1.0.1 - Info Disclosure
Aug 21, 2024
CVSS 7.5
EPSS 0.00
Products
http_server 306 tomcat 237 airflow 101 struts 90 traffic_server 80 superset 68 openoffice 60 ofbiz 57 activemq 51 subversion 47 solr 46 nifi 44 cxf 43 cloudstack 38 hadoop 37 inlong 32 camel 31 ambari 26 tika 25 openmeetings 25 jspwiki 24 dolphinscheduler 24 geode 23 zeppelin 22 ranger 21 spark 21 kylin 21 couchdb 20 fineract 20 hive 20
Quick Filters
Critical CVEs With Exploits In CISA KEV