apache
2,899 tracked vulnerabilities.
CVE-2024-25090
MEDIUM
Apache Roller 5.0.0-6.1.2 - Authenticated Stored Cross-Site Scripting in Profile and Bookmark Features
Jul 26, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39676
HIGH
Apache Pinot 0.1-1.0.0 - Exposure of Sensitive Information via /appconfigs Endpoint
Jul 24, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-41178
HIGH
Apache Arrow Rust Object Store < 0.10.1 - Sensitive Information Exposure in Logs via AWS WebIdentityToken
Jul 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29070
CRITICAL
Apache StreamPark 1.0.0-2.1.3 - Insufficient Session Expiration
Jul 23, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-38503
MEDIUM
Apache Syncope 2.1.0-2.1.13 Stored XSS in Console/Enduser Text Fields
Jul 22, 2024
CVSS 5.4
EPSS 0.06
CVE-2024-34457
MEDIUM
Apache StreamPark < 2.1.4 - Authorization Bypass via User Token
Jul 22, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23321
HIGH
Apache RocketMQ 4.5.2-5.2.0 - Authenticated Sensitive Information Exposure via Specific Interfaces
Jul 22, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-41107
HIGH
NUCLEI
Apache CloudStack 4.5.0-4.18.2.1 - Authentication Bypass via SAML Response Spoofing
Jul 19, 2024
CVSS 8.1
EPSS 0.92
CVE-2024-41172
HIGH
Apache CXF 3.6.0-3.6.3 and 4.0.0-4.0.4 - Memory Leak in HTTP Client Conduit
Jul 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32007
HIGH
Apache CXF <4.0.5, 3.6.4, 3.5.9 - DoS
Jul 19, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29736
CRITICAL
Apache CXF <4.0.5, 3.6.4, 3.5.9 - SSRF
Jul 19, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-29178
HIGH
Apache StreamPark <2.1.4 - Authenticated Remote Code Execution via Template Injection
Jul 18, 2024
CVSS 8.8
EPSS 0.07
CVE-2024-40898
HIGH
Apache HTTP Server < 2.4.62 - Server-Side Request Forgery via mod_rewrite on Windows
Jul 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-40725
MEDIUM
Apache HTTP Server <2.4.61 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.25
CVE-2024-29120
MEDIUM
StreamPark <2.1.4 - Info Disclosure
Jul 17, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-31411
HIGH
Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-31979
MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471
LOW
Apache StreamPipes <= 0.93.0 - Time-of-check Time-of-use Race Condition in User Self-Registration
Jul 17, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-29737
MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Code Execution via Build Argument Injection
Jul 17, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-39877
HIGH
Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter
Jul 17, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-39863
MEDIUM
Apache Airflow < 2.9.3 - Authenticated Stored Cross-Site Scripting via Provider Installation Link
Jul 17, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-39887
MEDIUM
NUCLEI
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
Jul 16, 2024
CVSS 4.3
EPSS 0.56
CVE-2024-36522
CRITICAL
Apache Wicket XSLTResourceStream - XSLT Injection Remote Code Execution
Jul 12, 2024
CVSS 9.8
EPSS 0.08
CVE-2024-37389
MEDIUM
Apache NiFi 1.10.0-1.26.0 & 2.0.0-M1-M3 - Authenticated Stored XSS in Parameter Context Description
Jul 08, 2024
CVSS 4.6
EPSS 0.02
CVE-2024-39864
CRITICAL
Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Integration API Service
Jul 05, 2024
CVSS 9.8
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20