apache
3,084 tracked vulnerabilities.
CVE-2024-43166
CRITICAL
Apache DolphinScheduler <3.2.2 - Info Disclosure
Sep 03, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-43115
HIGH
Apache DolphinScheduler <3.2.2 - RCE
Sep 03, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-48988
HIGH
Apache StreamPark 2.1.4-2.1.5 - Authenticated SQL Injection
Aug 22, 2025
CVSS 7.6
EPSS 0.01
CVE-2024-39954
MEDIUM
Apache EventMesh < 1.12.0 - Server-Side Request Forgery via WebhookUtil
Aug 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-51775
MEDIUM
Apache Zeppelin 0.11.1-0.11.9 - Missing Origin Validation in WebSockets
Aug 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-52279
MEDIUM
Apache Zeppelin <0.12.0 - Improper Input Validation
Aug 03, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-41177
MEDIUM
Apache Zeppelin < 0.12.0 - Cross-Site Scripting via Incomplete Blacklist
Aug 03, 2025
CVSS 6.1
EPSS 0.01
CVE-2024-41169
HIGH
Apache Zeppelin <0.12.0 - Info Disclosure
Jul 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-47252
HIGH
Apache HTTP Server <2.4.63 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-43394
HIGH
Apache HTTP Server 2.4.0-2.4.63 - Server-Side Request Forgery via mod_rewrite or Apache Expressions
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-43204
HIGH
Apache HTTP Server 2.4.0-2.4.63 - Server-Side Request Forgery via mod_proxy
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-42516
HIGH
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-35164
MEDIUM
Apache Guacamole < 1.6.0 - Remote Code Execution via Terminal Emulator Console Code Injection
Jul 02, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-24780
CRITICAL
Apache IoTDB 1.0.0-1.3.3 - Authenticated Remote Code Execution via UDF URI
May 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-56736
MEDIUM
Apache HertzBeat < 1.7.0 - Server-Side Request Forgery
Apr 16, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-53868
HIGH
Apache Traffic Server <9.2.10-10.0.5 - Request Smuggling
Apr 03, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-56325
CRITICAL
NUCLEI
Apache Pinot < 1.3.0 - Authentication Bypass via Path Manipulation
Apr 01, 2025
CVSS 9.8
EPSS 0.79
CVE-2024-48944
MEDIUM
Apache Kylin 5.0.0-5.0.1 - Authenticated Server-Side Request Forgery via Diag API
Mar 27, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-53679
MEDIUM
Apache VCL < 2.5.2 - Cross-Site Scripting in User Lookup Form
Mar 25, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-53678
HIGH
Apache VCL 2.2-2.5.1 - SQL Injection via Block Allocation Request Form
Mar 25, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-54016
MEDIUM
Apache Seata <2.3.0 - Data Amplification
Mar 20, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-47552
CRITICAL
Apache Seata <2.2.0 - Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-56196
MEDIUM
Apache Traffic Server 10.0.0-10.0.3 - Improper Access Control
Mar 06, 2025
CVSS 6.3
EPSS 0.01
CVE-2024-56195
MEDIUM
Apache Traffic Server 9.2.0-9.2.8 10.0.0-10.0.3 - Improper Access Control
Mar 06, 2025
CVSS 6.3
EPSS 0.01
CVE-2024-38311
MEDIUM
Apache Traffic Server <9.2.8 - <9.2.11, <10.0.3 - Info Disclosure
Mar 06, 2025
CVSS 6.3
EPSS 0.01
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters