apache
2,899 tracked vulnerabilities.
CVE-2024-38286
HIGH
Apache Tomcat <11.0.0-M21 - Allocation of Resources Without Limits ...
Nov 07, 2024
CVSS 8.6
EPSS 0.00
CVE-2024-23590
CRITICAL
Apache Kylin <5.0.0 - Session Fixation
Nov 04, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-43383
HIGH
Apache Lucene.Net.Replicator 4.8.0-beta00005-4.8.0-beta00016 - Remote Code Execution via JSON Deserialization
Oct 31, 2024
CVSS 8.0
EPSS 0.05
CVE-2024-45477
MEDIUM
Apache NiFi <1.28.0-<2.0.0-M4 - XSS
Oct 29, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-45031
MEDIUM
Apache Syncope 2.1.0-3.0.8 - Stored Cross-Site Scripting via Incomplete HTML Tag Bypass
Oct 24, 2024
CVSS 6.1
EPSS 0.03
CVE-2024-45693
HIGH
Apache CloudStack 4.15.1.0-4.18.2.3 and 4.19.0.0-4.19.1.1 - Cross-Site Request Forgery
Oct 16, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-45462
MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Info Disclosure
Oct 16, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-45461
MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Privilege Escalation
Oct 16, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-45219
HIGH
Apache CloudStack <4.18.2.3-4.19.1.1 - Info Disclosure
Oct 16, 2024
CVSS 8.5
EPSS 0.00
CVE-2024-45217
HIGH
Apache Solr - Insecure Default Initialization of Resource
Oct 16, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-45216
CRITICAL
NUCLEI
Apache Solr 5.3.0-8.11.3 and 9.0.0-9.6.9 - Authentication Bypass via Fake URL Path Ending
Oct 16, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-46911
MEDIUM
Apache Roller < 6.1.4 - Cross-Site Request Forgery and Privilege Escalation via Weblog Content Publishing
Oct 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-45720
HIGH
Apache Subversion <= 1.14.3 - OS Command Injection via Windows Command Line Argument Encoding
Oct 09, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-28168
HIGH
Apache XML Graphics FOP 2.9 - XML External Entity Injection
Oct 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-47554
MEDIUM
Apache Commons IO 2.0-2.13.0 - Uncontrolled Resource Consumption via XmlStreamReader
Oct 03, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47561
HIGH
Apache Avro < 1.11.4 - Remote Code Execution via Schema Parsing
Oct 03, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-45772
MEDIUM
Apache Lucene Replicator 4.4.0-9.11.9 - Deserialization of Untrusted Data in HTTP Package
Sep 30, 2024
CVSS 5.1
EPSS 0.00
CVE-2024-47197
HIGH
Maven Archetype Plugin <3.3.0 - Info Disclosure
Sep 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-40761
MEDIUM
Apache Answer <1.3.5 - Info Disclosure
Sep 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-23454
MEDIUM
Apache Hadoop < 3.4.0 - Insecure Temporary File Permissions
Sep 25, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-39928
HIGH
Apache Linkis <= 1.5.0 - Inadequate Encryption Strength in Spark EngineConn Token Generation
Sep 25, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-46544
MEDIUM
Apache Tomcat Connectors 1.2.9-1.2.49 - Incorrect Default Permissions in mod_jk Shared Memory
Sep 23, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-42323
HIGH
Apache HertzBeat < 1.6.0 - Authenticated Remote Code Execution via SnakeYAML Deserialization
Sep 21, 2024
CVSS 8.8
EPSS 0.76
CVE-2024-45537
MEDIUM
Apache Druid < 30.0.1 - Authenticated JDBC Property Injection via MySQL Connection String
Sep 17, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45384
MEDIUM
Apache Druid <30.0.0 - Padding Oracle
Sep 17, 2024
CVSS 5.3
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20