apache
2,899 tracked vulnerabilities.
CVE-2024-28148
MEDIUM
Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request
May 07, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-32638
MEDIUM
Apache APISIX 3.8.0-3.9.0 - HTTP Request Smuggling via Forward-Auth Plugin
May 02, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-32114
HIGH
NUCLEI
Apache ActiveMQ 6.x - Info Disclosure
May 02, 2024
CVSS 8.5
EPSS 0.68
CVE-2024-27349
CRITICAL
Apache HugeGraph-Server <1.3.0 - Auth Bypass
Apr 22, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-27348
CRITICAL
KEV NUCLEI
Apache HugeGraph-Server - Remote Command Execution
Apr 22, 2024
CVSS 9.8
EPSS 0.94
CVE-2024-27347
MEDIUM
Apache HugeGraph-Hubble <1.3.0 - SSRF
Apr 22, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-29733
LOW
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Apr 21, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-29217
MEDIUM
Apache Answer < 1.3.0 - Authenticated Stored Cross-Site Scripting via Personal Website Field
Apr 21, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-31869
MEDIUM
Apache Airflow 2.7.0-2.8.4 - Authenticated Sensitive Information Exposure via Configuration UI Page
Apr 18, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-31391
MEDIUM
Apache Solr Operator 0.3.0-0.8.0 - Sensitive Information Disclosure in Kubernetes Events
Apr 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-27309
HIGH
Apache Kafka 3.5.0-3.6.1 and kafka-metadata 3.5.0-3.6.2 - Incorrect Authorization during ZooKeeper to KRaft Migration
Apr 12, 2024
CVSS 7.4
EPSS 0.00
CVE-2024-31309
HIGH
Apache Traffic Server 8.0.0-8.1.9, 9.0.0-9.2.3 - Denial of Service via HTTP/2 CONTINUATION Frames
Apr 10, 2024
CVSS 7.5
EPSS 0.11
CVE-2024-31867
MEDIUM
Apache Zeppelin <0.11.1 - SQL Injection
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-31868
MEDIUM
Apache Zeppelin 0.8.2-0.11.0 - Stored Cross-Site Scripting via helium.json
Apr 09, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-31866
CRITICAL
Apache Zeppelin 0.8.2-0.11.0 - Remote Code Execution via Configuration Override
Apr 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-31865
MEDIUM
Apache Zeppelin <0.11.1 - Privilege Escalation
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-31864
CRITICAL
Apache Zeppelin <0.11.1 - Code Injection
Apr 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-31863
MEDIUM
Apache Zeppelin <0.11.0 - Auth Bypass
Apr 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-31862
MEDIUM
Apache Zeppelin <0.11.0 - Info Disclosure
Apr 09, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-31860
MEDIUM
Apache Zeppelin <0.11.0 - Info Disclosure
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24746
HIGH
Apache NimBLE <= 1.6.0 - Denial of Service via GATT Operation
Apr 06, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-27316
HIGH
Apache HTTP Server 2.4.17-2.4.58 - Denial of Service via HTTP/2 Header Buffering
Apr 04, 2024
CVSS 7.5
EPSS 0.88
CVE-2024-24795
MEDIUM
Apache HTTP Server 2.4.0-2.4.58 - HTTP Response Splitting via Malicious Response Headers
Apr 04, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-29008
MEDIUM
Apache CloudStack 4.14.0.0-4.18.1.0 - Unauthenticated Host Device Attachment via Extraconfig Feature
Apr 04, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-29007
HIGH
Apache CloudStack 4.9.1.0-4.18.1.0 - Server-Side Request Forgery via HTTP Redirect Handling
Apr 04, 2024
CVSS 7.3
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20