apache
2,899 tracked vulnerabilities.
CVE-2024-27137
MEDIUM
Apache Cassandra 4.0.2-5.0.2 - Unauthenticated Credential Capture via JMX RMI Registry Manipulation
Feb 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-29869
MEDIUM
Apache Hive 1.1.0-4.0.0 - Unauthorized Sensitive Information Exposure via Temporary Credentials File
Jan 28, 2025
CVSS 5.5
EPSS 0.00
CVE-2024-23953
MEDIUM
Apache Hive 2.2.0-4.0.0 - Authenticated Observable Timing Discrepancy in LlapSignerImpl
Jan 28, 2025
CVSS 6.5
EPSS 0.02
CVE-2024-52012
MEDIUM
Apache Solr <9.7.0 - Path Traversal
Jan 27, 2025
CVSS 5.4
EPSS 0.14
CVE-2024-53299
MEDIUM
Apache Wicket 7.0.0-7.17.9 and 8.0.0-8.16.9 - Denial of Service via Request Handling
Jan 23, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-51941
HIGH
Ambari - Authenticated Code Injection
Jan 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-45479
CRITICAL
Apache Ranger 2.4.0 - Server-Side Request Forgery in Edit Service Page
Jan 21, 2025
CVSS 9.1
EPSS 0.00
CVE-2024-45478
MEDIUM
Apache Ranger 2.4.0 - Stored Cross-Site Scripting in Edit Service Page
Jan 21, 2025
CVSS 4.8
EPSS 0.01
CVE-2024-45627
MEDIUM
Apache Linkis <1.7.0 - Info Disclosure
Jan 14, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-54676
CRITICAL
Apache OpenMeetings 2.1.0-8.0.0 - Deserialization of Untrusted Data via OpenJPA Configuration
Jan 08, 2025
CVSS 9.8
EPSS 0.05
CVE-2024-45033
HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
Jan 08, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-56512
MEDIUM
NUCLEI
Apache NiFi 1.10.0-2.0.0 - Authenticated Missing Authorization for Parameter Contexts and Controller Services
Dec 28, 2024
CVSS 5.4
EPSS 0.38
CVE-2024-52046
CRITICAL
Apache MINA 2.0.0-2.0.26, 2.1.0-2.1.9, 2.2.0-2.2.3 - Remote Code Execution via ObjectSerializationDecoder
Dec 25, 2024
CVSS 9.8
EPSS 0.56
CVE-2024-43441
CRITICAL
NUCLEI
Apache HugeGraph-Server 1.0.0-1.5.0 - Authentication Bypass by Assumed-Immutable Data
Dec 24, 2024
CVSS 9.8
EPSS 0.89
CVE-2024-45387
CRITICAL
Apache Traffic Control <=8.0.1, >=8.0.0 - SQL Injection
Dec 23, 2024
CVSS 9.9
EPSS 0.44
CVE-2024-23945
MEDIUM
Apache Hive 1.2.0-4.0.0 and Apache Spark 2.0.0-3.3.4 - Sensitive Information Exposure via Cookie Signature Mismatch
Dec 23, 2024
CVSS 5.9
EPSS 0.06
CVE-2024-56337
CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - Time-of-check Time-of-use Race Condition
Dec 20, 2024
CVSS 9.8
EPSS 0.13
CVE-2024-56128
MEDIUM
Apache Kafka 0.10.2.0-3.9.0 - Authentication Bypass via SCRAM Nonce Validation Omission
Dec 18, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-54677
MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - DoS via Examples Web App
Dec 17, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-50379
CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - RCE via TOCTOU Race Condition in JSP Compilation
Dec 17, 2024
CVSS 9.8
EPSS 0.85
CVE-2024-55633
MEDIUM
Apache Superset < 4.1.0 - Incorrect Authorization via SQL DML Statement
Dec 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-53677
CRITICAL
Apache Struts 2.0.0-6.3.9 - Path Traversal and Remote Code Execution via File Upload
Dec 11, 2024
CVSS 9.8
EPSS 0.93
CVE-2024-53949
MEDIUM
Apache Superset <4.1.0 - Auth Bypass
Dec 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-53948
MEDIUM
Apache Superset <4.1.0 - Info Disclosure
Dec 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-53947
CRITICAL
Apache Superset <4.1.0 - SQL Injection
Dec 09, 2024
CVSS 9.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20