apache
2,899 tracked vulnerabilities.
CVE-2024-38346
CRITICAL
Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Cluster Service Port
Jul 05, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-39884
MEDIUM
Apache HTTP Server <2.4.60 - Info Disclosure
Jul 04, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-34750
HIGH
Apache Tomcat 9.0.0-9.0.89, 10.1.0-M1-10.1.24, 11.0.0-M1-11.0.0-M20 - Denial of Service via HTTP/2 Stream Miscount
Jul 03, 2024
CVSS 7.5
EPSS 0.22
CVE-2024-39573
HIGH
Apache HTTP Server < 2.4.60 - Server-Side Request Forgery via mod_rewrite RewriteRule
Jul 01, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-38477
HIGH
Apache HTTP Server <2.4.60 - Null Pointer Dereference
Jul 01, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-38476
CRITICAL
Apache HTTP Server <2.4.60 - Info Disclosure/SSRF
Jul 01, 2024
CVSS 9.8
EPSS 0.05
CVE-2024-38475
CRITICAL
KEV NUCLEI
Apache HTTP Server < 2.4.60 - Remote Code Execution via mod_rewrite Unsafe Substitution
Jul 01, 2024
CVSS 9.1
EPSS 0.94
CVE-2024-38474
CRITICAL
Apache HTTP Server < 2.4.60 - Script Execution via mod_rewrite Substitution Encoding Issue
Jul 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-38473
HIGH
NUCLEI
Apache HTTP Server <2.4.60 - Open Redirect
Jul 01, 2024
CVSS 8.1
EPSS 0.88
CVE-2024-38472
HIGH
NUCLEI
Apache HTTP Server 2.4.0-2.4.59 - Server-Side Request Forgery via UNC Path Handling
Jul 01, 2024
CVSS 7.5
EPSS 0.91
CVE-2024-36387
MEDIUM
Apache HTTP Server 2.4.55-2.4.58 - Denial of Service via WebSocket Protocol Upgrade
Jul 01, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-29868
CRITICAL
NUCLEI
Apache StreamPipes <0.95.0 - Info Disclosure
Jun 24, 2024
CVSS 9.1
EPSS 0.78
CVE-2024-27136
MEDIUM
Apache JSPWiki < 2.12.2 - Cross-Site Scripting in Upload Page
Jun 24, 2024
CVSS 6.1
EPSS 0.51
CVE-2024-38379
MEDIUM
Apache Allura 1.4.0-1.17.0 - Authenticated Stored Cross-Site Scripting in Neighborhood Settings
Jun 22, 2024
CVSS 4.8
EPSS 0.02
CVE-2024-34693
MEDIUM
Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile
Jun 20, 2024
CVSS 6.8
EPSS 0.13
CVE-2024-25142
MEDIUM
Apache Airflow <2.9.2 - Info Disclosure
Jun 14, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-36265
CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-36264
CRITICAL
Apache Submarine Commons Utils <0.8.0 - Auth Bypass
Jun 12, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-36263
HIGH
Apache Submarine Server Core - SQL Injection
Jun 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-36471
HIGH
Apache Allura 1.0.1-1.16.0 - Server-Side Request Forgery via Import Functionality
Jun 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-36104
CRITICAL
NUCLEI
Apache OFBiz <18.12.14 - Path Traversal
Jun 04, 2024
CVSS 9.1
EPSS 0.93
CVE-2024-32077
MEDIUM
Apache Airflow <2.9.1 - Code Injection
May 14, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-34365
CRITICAL
Apache Karaf Cave - Improper Input Validation
May 14, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-32113
CRITICAL
KEV NUCLEI
Apache OFBiz <18.12.13 - Path Traversal
May 08, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-26579
CRITICAL
Apache InLong 1.7.0-1.11.0 - Deserialization of Untrusted Data via Malicious Parameters
May 08, 2024
CVSS 9.8
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20