apache
3,084 tracked vulnerabilities.
CVE-2024-23945
MEDIUM
Apache Hive 1.2.0-4.0.0 and Apache Spark 2.0.0-3.3.4 - Sensitive Information Exposure via Cookie Signature Mismatch
Dec 23, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-56337
CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - Time-of-check Time-of-use Race Condition
Dec 20, 2024
CVSS 9.8
EPSS 0.09
CVE-2024-56128
MEDIUM
Apache Kafka 0.10.2.0-3.9.0 - Authentication Bypass via SCRAM Nonce Validation Omission
Dec 18, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-54677
MEDIUM
Apache Tomcat 8.5.0-8.5.100, 9.0.0.M1-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - DoS via Examples Web App
Dec 17, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-50379
CRITICAL
Apache Tomcat 9.0.0-9.0.97, 10.1.0-M1-10.1.33, 11.0.0-M1-11.0.1 - RCE via TOCTOU Race Condition in JSP Compilation
Dec 17, 2024
CVSS 9.8
EPSS 0.44
CVE-2024-55633
MEDIUM
Apache Superset < 4.1.0 - Incorrect Authorization via SQL DML Statement
Dec 12, 2024
CVSS 6.5
EPSS 0.03
CVE-2024-53677
CRITICAL
Apache Struts 2.0.0-6.3.9 - Path Traversal and Remote Code Execution via File Upload
Dec 11, 2024
CVSS 9.8
EPSS 0.78
CVE-2024-53949
MEDIUM
Apache Superset <4.1.0 - Auth Bypass
Dec 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-53948
MEDIUM
Apache Superset <4.1.0 - Info Disclosure
Dec 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-53947
CRITICAL
Apache Superset <4.1.0 - SQL Injection
Dec 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-46901
LOW
Apache Subversion <1.14.4 - Info Disclosure
Dec 09, 2024
CVSS 3.1
EPSS 0.02
CVE-2024-45106
HIGH
Apache Ozone 1.4.0 - Authenticated S3 Secret Manipulation via HTTP Endpoint
Dec 03, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-52338
CRITICAL
Apache Arrow R <16.1.0 - Code Injection
Nov 28, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-51569
HIGH
Apache NimBLE <1.8.0 - Info Disclosure
Nov 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47250
MEDIUM
Apache NimBLE <1.8.0 - Info Disclosure
Nov 26, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-47249
MEDIUM
Apache NimBLE <1.8.0 - Memory Corruption
Nov 26, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-47248
MEDIUM
Apache NimBLE <1.7.0 - Buffer Overflow
Nov 26, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-45719
LOW
Apache Answer <= 1.4.0 - Inadequate Encryption Strength via UUID v1 Token Generation
Nov 22, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-52067
MEDIUM
Apache NiFi <2.0.0-M4 - Info Disclosure
Nov 21, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-31141
MEDIUM
Apache Kafka Clients - Improper Privilege Management
Nov 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-52318
MEDIUM
Apache Tomcat <11.0.1-9.0.97 - Memory Corruption
Nov 18, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-52317
MEDIUM
Apache Tomcat <11.0.0-M26,<10.1.30,<9.0.95 - Memory Corruption
Nov 18, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-52316
CRITICAL
Apache Tomcat - Unchecked Error Condition
Nov 18, 2024
CVSS 9.8
EPSS 0.06
CVE-2024-48962
HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47208
CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
Nov 18, 2024
CVSS 9.8
EPSS 0.02
Products
http_server 330
tomcat 261
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 28
ambari 26
apisix 25
tika 25
jspwiki 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
Quick Filters