apache
3,084 tracked vulnerabilities.
CVE-2024-56202
MEDIUM
Apache Traffic Server <9.2.8, <10.0.3 - Expected Behavior Violation
Mar 06, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-55532
CRITICAL
Apache Ranger <2.6.0 - Info Disclosure
Mar 03, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-24778
MEDIUM
Apache StreamPipes <0.97.0 - Privilege Escalation
Mar 03, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-56180
CRITICAL
Apache EventMesh 1.10.1-1.10.9 - Remote Code Execution via Hessian Deserialization in eventmesh-meta-raft
Feb 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-52577
CRITICAL
Apache Ignite 2.6.0-2.16.9 - Remote Code Execution via Unfiltered Class Deserialization
Feb 14, 2025
CVSS 9.0
EPSS 0.03
CVE-2024-46910
HIGH
Apache Atlas < 2.4.0 - Authenticated Cross-Site Scripting
Feb 13, 2025
CVSS 7.1
EPSS 0.01
CVE-2024-32838
HIGH
Apache Fineract 1.4.0-1.9 - Authenticated SQL Injection via REST API Query Parameters
Feb 12, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-45626
MEDIUM
Apache James Server < 3.7.6 and 3.8.0-3.8.2 - Denial of Service via JMAP HTML to Text Conversion
Feb 06, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-37358
HIGH
Apache James Server < 3.7.6 - Denial of Service via IMAP Literals Abuse
Feb 06, 2025
CVSS 8.6
EPSS 0.01
CVE-2024-48019
MEDIUM
Apache Doris 2.1.0-2.1.7 - Path Traversal and Arbitrary File Read
Feb 04, 2025
CVSS 5.4
EPSS 0.01
CVE-2024-27137
MEDIUM
Apache Cassandra 4.0.2-5.0.2 - Unauthenticated Credential Capture via JMX RMI Registry Manipulation
Feb 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-29869
MEDIUM
Apache Hive 1.1.0-4.0.0 - Unauthorized Sensitive Information Exposure via Temporary Credentials File
Jan 28, 2025
CVSS 5.5
EPSS 0.00
CVE-2024-23953
MEDIUM
Apache Hive 2.2.0-4.0.0 - Authenticated Observable Timing Discrepancy in LlapSignerImpl
Jan 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-52012
MEDIUM
Apache Solr <9.7.0 - Path Traversal
Jan 27, 2025
CVSS 5.4
EPSS 0.47
CVE-2024-53299
MEDIUM
Apache Wicket 7.0.0-7.17.9 and 8.0.0-8.16.9 - Denial of Service via Request Handling
Jan 23, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-51941
HIGH
Ambari - Authenticated Code Injection
Jan 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-45479
CRITICAL
Apache Ranger 2.4.0 - Server-Side Request Forgery in Edit Service Page
Jan 21, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-45478
MEDIUM
Apache Ranger 2.4.0 - Stored Cross-Site Scripting in Edit Service Page
Jan 21, 2025
CVSS 4.8
EPSS 0.01
CVE-2024-45627
MEDIUM
Apache Linkis <1.7.0 - Info Disclosure
Jan 14, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-54676
CRITICAL
Apache OpenMeetings 2.1.0-8.0.0 - Deserialization of Untrusted Data via OpenJPA Configuration
Jan 08, 2025
CVSS 9.8
EPSS 0.65
CVE-2024-45033
HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
Jan 08, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-56512
MEDIUM
NUCLEI
Apache NiFi 1.10.0-2.0.0 - Authenticated Missing Authorization for Parameter Contexts and Controller Services
Dec 28, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-52046
CRITICAL
Apache MINA 2.0.0-2.0.26, 2.1.0-2.1.9, 2.2.0-2.2.3 - Remote Code Execution via ObjectSerializationDecoder
Dec 25, 2024
CVSS 9.8
EPSS 0.24
CVE-2024-43441
CRITICAL
NUCLEI
Apache HugeGraph-Server 1.0.0-1.5.0 - Authentication Bypass by Assumed-Immutable Data
Dec 24, 2024
CVSS 9.8
EPSS 0.70
CVE-2024-45387
CRITICAL
Apache Traffic Control <=8.0.1, >=8.0.0 - SQL Injection
Dec 23, 2024
CVSS 9.9
EPSS 0.42
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters