apache
2,899 tracked vulnerabilities.
CVE-2024-22399
CRITICAL
Apache Seata <2.1.0-1.8.1 - Deserialization
Sep 16, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-45498
HIGH
Apache Airflow <2.10.0 - Command Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-45034
HIGH
Apache Airflow <2.10.1 - Code Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.03
CVE-2024-45507
CRITICAL
NUCLEI
Apache OFBiz <18.12.16 - SSRF/Code Injection
Sep 04, 2024
CVSS 9.8
EPSS 0.90
CVE-2024-45195
HIGH
KEV
NUCLEI
Apache OFBiz <18.12.16 - Info Disclosure
Sep 04, 2024
CVSS 7.5
EPSS 0.94
CVE-2024-41937
MEDIUM
Apache Airflow < 2.10.0 - Stored Cross-Site Scripting via Provider Documentation Link
Aug 21, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-22281
HIGH
Apache Helix Front (UI) - Info Disclosure
Aug 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-42362
HIGH
Hertzbeat < 1.6.0 - Authenticated Remote Code Execution via Unsafe Deserialization in Monitor Import
Aug 20, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-42361
HIGH
Hertzbeat < 1.6.0 - SQL Injection via Metric Download Endpoint
Aug 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-43202
CRITICAL
Apache DolphinScheduler <3.2.2 - RCE
Aug 20, 2024
CVSS 9.8
EPSS 0.08
CVE-2024-41909
MEDIUM
Apache MINA SSHD < 2.12.0 - Security Feature Downgrade via Terrapin Attack
Aug 12, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-41890
MEDIUM
Apache Answer <= 1.3.5 - Resource Exhaustion via Password Reset Email Links
Aug 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-41888
MEDIUM
Apache Answer <= 1.3.5 - Missing Release of Resource after Effective Lifetime
Aug 12, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-30188
HIGH
NUCLEI
Apache DolphinScheduler <3.2.2 - Info Disclosure
Aug 12, 2024
CVSS 8.1
EPSS 0.89
CVE-2024-29831
HIGH
Apache DolphinScheduler < 3.2.2 - Authenticated Remote Code Execution via Switch Task Plugin
Aug 12, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-42222
MEDIUM
Apache CloudStack 4.19.1.0 - Unauthenticated Exposure of Sensitive Network Information via Network Listing API
Aug 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-42062
HIGH
Apache CloudStack 4.10.0-4.19.1.0 - Authenticated Privilege Escalation via API Key Query
Aug 07, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-36448
HIGH
Apache IoTDB Workbench <0.13.0 - SSRF
Aug 05, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-38856
CRITICAL
KEV
Apache OFBiz forgotPassword/ProgramExport RCE
Aug 05, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-42447
CRITICAL
Apache Airflow Providers FAB - Info Disclosure
Aug 05, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-36268
CRITICAL
Apache InLong <1.12.0 - Code Injection
Aug 02, 2024
CVSS 9.8
EPSS 0.07
CVE-2024-27182
MEDIUM
Apache Linkis <=1.5.0 - Privilege Escalation
Aug 02, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-27181
HIGH
Apache Linkis <=1.5.0 - Privilege Escalation
Aug 02, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-35296
HIGH
Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - Denial of Service via Invalid Accept-Encoding Header
Jul 26, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-35161
HIGH
Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - HTTP Request Smuggling via Malformed Chunked Trailer
Jul 26, 2024
CVSS 7.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20