apache
2,899 tracked vulnerabilities.
CVE-2024-29006
CRITICAL
Apache CloudStack 4.11.0.0-4.18.1.0 - Authentication Bypass via X-Forwarded-For Header Spoofing
Apr 04, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-29834
MEDIUM
Apache Kafka - Privilege Escalation
Apr 02, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-23539
HIGH
Apache Fineract < 1.8.5 - SQL Injection
Mar 29, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-23538
CRITICAL
Apache Fineract < 1.8.5 - SQL Injection
Mar 29, 2024
CVSS 9.9
EPSS 0.00
CVE-2024-23537
HIGH
Apache Fineract < 1.9.0 - Improper Privilege Management
Mar 29, 2024
CVSS 8.4
EPSS 0.00
CVE-2024-29735
MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
Mar 26, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27438
CRITICAL
Apache Doris 1.2.0-2.0.4 - Remote Code Execution via Unchecked JDBC Driver File
Mar 21, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-26307
MEDIUM
Apache Doris < 1.2.8, < 2.0.4 - Race Condition via chmod() Method
Mar 21, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-29133
MEDIUM
Apache Commons Configuration 2.0-2.10.0 - Out-of-bounds Write
Mar 21, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-29131
HIGH
Apache Commons Configuration 2.0-2.10.0 - Out-of-bounds Write
Mar 21, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-27439
MEDIUM
Apache Wicket <9.16.0 - Auth Bypass
Mar 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24683
MEDIUM
Apache Hop Engine <2.8.0 - Info Disclosure
Mar 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28752
CRITICAL
NUCLEI
Apache CXF < 3.5.8 - Server-Side Request Forgery via Aegis DataBinding
Mar 15, 2024
CVSS 9.3
EPSS 0.51
CVE-2024-23944
MEDIUM
Apache ZooKeeper 3.6.0-3.7.1 and 3.8.0-3.8.3 - Information Disclosure via Persistent Watcher ACL Bypass
Mar 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-28746
HIGH
Apache Airflow <2.8.3 - Info Disclosure
Mar 14, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-24549
HIGH
Apache Tomcat <11.0.0-M16, <10.1.18, <9.0.85, <=8.5.98 - DoS
Mar 13, 2024
CVSS 7.5
EPSS 0.65
CVE-2024-23672
MEDIUM
Apache Tomcat 8.5.0-8.5.98, 9.0.0-M1-9.0.85, 10.1.0-M1-10.1.18, 11.0.0-M1-M16 - DoS via WebSocket Cleanup
Mar 13, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-28098
MEDIUM
Apache Pulsar 2.7.1-2.10.5, 2.11.0-2.11.3, 3.0.0-3.0.2, 3.1.0-3.1.2, 3.2.0 - Authenticated Incorrect Authorization
Mar 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-27894
HIGH
Pulsar Functions Worker - Code Injection
Mar 12, 2024
CVSS 8.5
EPSS 0.00
CVE-2024-27317
HIGH
Pulsar Functions Worker - Path Traversal
Mar 12, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-27135
HIGH
Apache Pulsar 2.4.0-2.10.5, 2.11.0-2.11.3, 3.0.0-3.0.2, 3.1.0-3.1.2, 3.2.0 - Remote Code Execution
Mar 12, 2024
CVSS 8.5
EPSS 0.00
CVE-2024-26580
CRITICAL
Apache InLong 1.8.0-1.10.0 - Arbitrary File Read via Deserialization
Mar 06, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-27140
MEDIUM
Apache Archiva >= 2.0.0 - Cross-Site Scripting
Mar 01, 2024
CVSS 5.4
EPSS 0.06
CVE-2024-27139
HIGH
Apache Archiva <2.0.0 - Unauthorized Access
Mar 01, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27138
HIGH
Apache Archiva - Incorrect Authorization via User Registration Bypass
Mar 01, 2024
CVSS 7.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20