apache
2,899 tracked vulnerabilities.
CVE-2024-43204
HIGH
Apache HTTP Server 2.4.0-2.4.63 - Server-Side Request Forgery via mod_proxy
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-42516
HIGH
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-35164
MEDIUM
Apache Guacamole < 1.6.0 - Remote Code Execution via Terminal Emulator Console Code Injection
Jul 02, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-24780
CRITICAL
Apache IoTDB 1.0.0-1.3.3 - Authenticated Remote Code Execution via UDF URI
May 14, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-56736
MEDIUM
Apache HertzBeat < 1.7.0 - Server-Side Request Forgery
Apr 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-53868
HIGH
Apache Traffic Server <9.2.10-10.0.5 - Request Smuggling
Apr 03, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-56325
CRITICAL
NUCLEI
Apache Pinot < 1.3.0 - Authentication Bypass via Path Manipulation
Apr 01, 2025
CVSS 9.8
EPSS 0.17
CVE-2024-48944
MEDIUM
Apache Kylin 5.0.0-5.0.1 - Authenticated Server-Side Request Forgery via Diag API
Mar 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-53679
MEDIUM
Apache VCL < 2.5.2 - Cross-Site Scripting in User Lookup Form
Mar 25, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-53678
HIGH
Apache VCL 2.2-2.5.1 - SQL Injection via Block Allocation Request Form
Mar 25, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-54016
MEDIUM
Apache Seata <2.3.0 - Data Amplification
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-47552
CRITICAL
Apache Seata <2.2.0 - Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-56196
MEDIUM
Apache Traffic Server 10.0.0-10.0.3 - Improper Access Control
Mar 06, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-56195
MEDIUM
Apache Traffic Server 9.2.0-9.2.8, 10.0.0-10.0.3 - Improper Access Control
Mar 06, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-38311
MEDIUM
Apache Traffic Server <9.2.8 - <9.2.11, <10.0.3 - Info Disclosure
Mar 06, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-56202
MEDIUM
Apache Traffic Server <9.2.8, <10.0.3 - Expected Behavior Violation
Mar 06, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-55532
CRITICAL
Apache Ranger <2.6.0 - Info Disclosure
Mar 03, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-24778
MEDIUM
Apache StreamPipes <0.97.0 - Privilege Escalation
Mar 03, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-56180
CRITICAL
Apache EventMesh 1.10.1-1.10.9 - Remote Code Execution via Hessian Deserialization in eventmesh-meta-raft
Feb 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-52577
CRITICAL
Apache Ignite 2.6.0-2.16.9 - Remote Code Execution via Unfiltered Class Deserialization
Feb 14, 2025
CVSS 9.0
EPSS 0.03
CVE-2024-46910
HIGH
Apache Atlas < 2.4.0 - Authenticated Cross-Site Scripting
Feb 13, 2025
CVSS 7.1
EPSS 0.00
CVE-2024-32838
HIGH
Apache Fineract 1.4.0-1.9 - Authenticated SQL Injection via REST API Query Parameters
Feb 12, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-45626
MEDIUM
Apache James Server < 3.7.6 and 3.8.0-3.8.2 - Denial of Service via JMAP HTML to Text Conversion
Feb 06, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-37358
HIGH
Apache James Server < 3.7.6 - Denial of Service via IMAP Literals Abuse
Feb 06, 2025
CVSS 8.6
EPSS 0.01
CVE-2024-48019
MEDIUM
Apache Doris 2.1.0-2.1.7 - Path Traversal and Arbitrary File Read
Feb 04, 2025
CVSS 5.4
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20