apache

3,084 tracked vulnerabilities.

CVE-2024-43166 CRITICAL
Apache DolphinScheduler <3.2.2 - Info Disclosure
Sep 03, 2025
CVSS 9.8
EPSS 0.00
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
Sep 03, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-48988 HIGH
Apache StreamPark 2.1.4-2.1.5 - Authenticated SQL Injection
Aug 22, 2025
CVSS 7.6
EPSS 0.01
CVE-2024-39954 MEDIUM
Apache EventMesh < 1.12.0 - Server-Side Request Forgery via WebhookUtil
Aug 20, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-51775 MEDIUM
Apache Zeppelin 0.11.1-0.11.9 - Missing Origin Validation in WebSockets
Aug 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-52279 MEDIUM
Apache Zeppelin <0.12.0 - Improper Input Validation
Aug 03, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-41177 MEDIUM
Apache Zeppelin < 0.12.0 - Cross-Site Scripting via Incomplete Blacklist
Aug 03, 2025
CVSS 6.1
EPSS 0.01
CVE-2024-41169 HIGH
Apache Zeppelin <0.12.0 - Info Disclosure
Jul 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-47252 HIGH
Apache HTTP Server <2.4.63 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-43394 HIGH
Apache HTTP Server 2.4.0-2.4.63 - Server-Side Request Forgery via mod_rewrite or Apache Expressions
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-43204 HIGH
Apache HTTP Server 2.4.0-2.4.63 - Server-Side Request Forgery via mod_proxy
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-42516 HIGH
Apache HTTP Server <2.4.64 - Info Disclosure
Jul 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-35164 MEDIUM
Apache Guacamole < 1.6.0 - Remote Code Execution via Terminal Emulator Console Code Injection
Jul 02, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-24780 CRITICAL
Apache IoTDB 1.0.0-1.3.3 - Authenticated Remote Code Execution via UDF URI
May 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-56736 MEDIUM
Apache HertzBeat < 1.7.0 - Server-Side Request Forgery
Apr 16, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-53868 HIGH
Apache Traffic Server <9.2.10-10.0.5 - Request Smuggling
Apr 03, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-56325 CRITICAL NUCLEI
Apache Pinot < 1.3.0 - Authentication Bypass via Path Manipulation
Apr 01, 2025
CVSS 9.8
EPSS 0.79
CVE-2024-48944 MEDIUM
Apache Kylin 5.0.0-5.0.1 - Authenticated Server-Side Request Forgery via Diag API
Mar 27, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-53679 MEDIUM
Apache VCL < 2.5.2 - Cross-Site Scripting in User Lookup Form
Mar 25, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-53678 HIGH
Apache VCL 2.2-2.5.1 - SQL Injection via Block Allocation Request Form
Mar 25, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-54016 MEDIUM
Apache Seata <2.3.0 - Data Amplification
Mar 20, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-47552 CRITICAL
Apache Seata <2.2.0 - Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-56196 MEDIUM
Apache Traffic Server 10.0.0-10.0.3 - Improper Access Control
Mar 06, 2025
CVSS 6.3
EPSS 0.01
CVE-2024-56195 MEDIUM
Apache Traffic Server 9.2.0-9.2.8 10.0.0-10.0.3 - Improper Access Control
Mar 06, 2025
CVSS 6.3
EPSS 0.01
CVE-2024-38311 MEDIUM
Apache Traffic Server <9.2.8 - <9.2.11, <10.0.3 - Info Disclosure
Mar 06, 2025
CVSS 6.3
EPSS 0.01