Apache
2,736 tracked vulnerabilities.
CVE-2024-29070
CRITICAL
Apache Streampark < 2.1.4 - Insufficient Session Expiration
Jul 23, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-38503
MEDIUM
Syncope Console <3.0.8 - XSS
Jul 22, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-34457
MEDIUM
Flink <2.1.4 - Info Disclosure
Jul 22, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23321
HIGH
Apache Rocketmq < 5.3.0 - Information Disclosure
Jul 22, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-41107
HIGH NUCLEI
Apache Cloudstack < 4.18.2.2 - Authentication Bypass by Spoofing
Jul 19, 2024
CVSS 8.1
EPSS 0.92
CVE-2024-41172
HIGH
Apache Cxf < 3.6.4 - Memory Leak
Jul 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32007
HIGH
Apache CXF <4.0.5, 3.6.4, 3.5.9 - DoS
Jul 19, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29736
CRITICAL
Apache CXF <4.0.5, 3.6.4, 3.5.9 - SSRF
Jul 19, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-29178
HIGH
Product <2.1.4 - RCE
Jul 18, 2024
CVSS 8.8
EPSS 0.12
CVE-2024-40898
HIGH
Apache HTTP Server <2.4.62 - SSRF
Jul 18, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-40725
MEDIUM
Apache HTTP Server <2.4.61 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.27
CVE-2024-29120
MEDIUM
Streampark <2.1.4 - Info Disclosure
Jul 17, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-31411
HIGH
Apache Streampipes < 0.95.0 - Unrestricted File Upload
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-31979
MEDIUM
Apache StreamPipes <0.95.0 - SSRF
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471
LOW
Apache Streampipes < 0.95.0 - TOCTOU Race Condition
Jul 17, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-29737
MEDIUM
Streampark - Command Injection
Jul 17, 2024
CVSS 4.7
EPSS 0.01
CVE-2023-52291
MEDIUM
Apache Streampark < 2.1.4 - Command Injection
Jul 17, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-39877
HIGH
Apache Airflow < 2.9.3 - Code Injection
Jul 17, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-39863
MEDIUM
Apache Airflow < 2.9.3 - XSS
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39887
MEDIUM NUCLEI
Apache Superset < 4.0.2 - SQL Injection
Jul 16, 2024
CVSS 4.3
EPSS 0.60
CVE-2023-52290
HIGH
Apache Streampark < 2.1.4 - SQL Injection
Jul 16, 2024
CVSS 8.1
EPSS 0.00
CVE-2023-49566
HIGH
Apache Linkis < 1.6.0 - Insecure Deserialization
Jul 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-46801
HIGH
Apache Linkis <=1.5.0 - Authenticated RCE
Jul 15, 2024
CVSS 8.8
EPSS 0.04
CVE-2023-41916
MEDIUM
Apache Linkis <1.4.0 - Info Disclosure
Jul 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-36522
CRITICAL
XSLTResourceStream.java - RCE
Jul 12, 2024
CVSS 9.8
EPSS 0.08
Products
http_server 306
tomcat 237
airflow 101
struts 90
traffic_server 80
superset 68
openoffice 60
ofbiz 57
activemq 51
subversion 47
solr 46
nifi 44
cxf 43
cloudstack 38
hadoop 37
inlong 32
camel 31
ambari 26
tika 25
openmeetings 25
jspwiki 24
dolphinscheduler 24
geode 23
zeppelin 22
ranger 21
spark 21
kylin 21
couchdb 20
fineract 20
hive 20