apache

3,084 tracked vulnerabilities.

CVE-2024-56202 MEDIUM
Apache Traffic Server <9.2.8, <10.0.3 - Expected Behavior Violation
Mar 06, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-55532 CRITICAL
Apache Ranger <2.6.0 - Info Disclosure
Mar 03, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-24778 MEDIUM
Apache StreamPipes <0.97.0 - Privilege Escalation
Mar 03, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-56180 CRITICAL
Apache EventMesh 1.10.1-1.10.9 - Remote Code Execution via Hessian Deserialization in eventmesh-meta-raft
Feb 14, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-52577 CRITICAL
Apache Ignite 2.6.0-2.16.9 - Remote Code Execution via Unfiltered Class Deserialization
Feb 14, 2025
CVSS 9.0
EPSS 0.03
CVE-2024-46910 HIGH
Apache Atlas < 2.4.0 - Authenticated Cross-Site Scripting
Feb 13, 2025
CVSS 7.1
EPSS 0.01
CVE-2024-32838 HIGH
Apache Fineract 1.4.0-1.9 - Authenticated SQL Injection via REST API Query Parameters
Feb 12, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-45626 MEDIUM
Apache James Server < 3.7.6 and 3.8.0-3.8.2 - Denial of Service via JMAP HTML to Text Conversion
Feb 06, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-37358 HIGH
Apache James Server < 3.7.6 - Denial of Service via IMAP Literals Abuse
Feb 06, 2025
CVSS 8.6
EPSS 0.01
CVE-2024-48019 MEDIUM
Apache Doris 2.1.0-2.1.7 - Path Traversal and Arbitrary File Read
Feb 04, 2025
CVSS 5.4
EPSS 0.01
CVE-2024-27137 MEDIUM
Apache Cassandra 4.0.2-5.0.2 - Unauthenticated Credential Capture via JMX RMI Registry Manipulation
Feb 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-29869 MEDIUM
Apache Hive 1.1.0-4.0.0 - Unauthorized Sensitive Information Exposure via Temporary Credentials File
Jan 28, 2025
CVSS 5.5
EPSS 0.00
CVE-2024-23953 MEDIUM
Apache Hive 2.2.0-4.0.0 - Authenticated Observable Timing Discrepancy in LlapSignerImpl
Jan 28, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-52012 MEDIUM
Apache Solr <9.7.0 - Path Traversal
Jan 27, 2025
CVSS 5.4
EPSS 0.47
CVE-2024-53299 MEDIUM
Apache Wicket 7.0.0-7.17.9 and 8.0.0-8.16.9 - Denial of Service via Request Handling
Jan 23, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-51941 HIGH
Ambari - Authenticated Code Injection
Jan 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-45479 CRITICAL
Apache Ranger 2.4.0 - Server-Side Request Forgery in Edit Service Page
Jan 21, 2025
CVSS 9.1
EPSS 0.01
CVE-2024-45478 MEDIUM
Apache Ranger 2.4.0 - Stored Cross-Site Scripting in Edit Service Page
Jan 21, 2025
CVSS 4.8
EPSS 0.01
CVE-2024-45627 MEDIUM
Apache Linkis <1.7.0 - Info Disclosure
Jan 14, 2025
CVSS 5.9
EPSS 0.00
CVE-2024-54676 CRITICAL
Apache OpenMeetings 2.1.0-8.0.0 - Deserialization of Untrusted Data via OpenJPA Configuration
Jan 08, 2025
CVSS 9.8
EPSS 0.65
CVE-2024-45033 HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
Jan 08, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-56512 MEDIUM NUCLEI
Apache NiFi 1.10.0-2.0.0 - Authenticated Missing Authorization for Parameter Contexts and Controller Services
Dec 28, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-52046 CRITICAL
Apache MINA 2.0.0-2.0.26, 2.1.0-2.1.9, 2.2.0-2.2.3 - Remote Code Execution via ObjectSerializationDecoder
Dec 25, 2024
CVSS 9.8
EPSS 0.24
CVE-2024-43441 CRITICAL NUCLEI
Apache HugeGraph-Server 1.0.0-1.5.0 - Authentication Bypass by Assumed-Immutable Data
Dec 24, 2024
CVSS 9.8
EPSS 0.70
CVE-2024-45387 CRITICAL
Apache Traffic Control <=8.0.1, >=8.0.0 - SQL Injection
Dec 23, 2024
CVSS 9.9
EPSS 0.42