apache
2,899 tracked vulnerabilities.
CVE-2024-26280
MEDIUM
Apache Airflow < 2.8.2 - Authenticated Information Disclosure via Audit Log Permissions
Mar 01, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-27906
MEDIUM
Apache Airflow <2.8.2 - Info Disclosure
Feb 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-25065
CRITICAL
Apache OFBiz <18.12.12 - Path Traversal
Feb 29, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-23946
MEDIUM
Apache OFBiz < 18.12.12 - Path Traversal and Arbitrary File Inclusion
Feb 29, 2024
CVSS 5.3
EPSS 0.03
CVE-2024-23807
CRITICAL
Apache Xerces C++ 3.0.0-3.2.4 - Use-After-Free in External DTD Scanning
Feb 29, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-26016
MEDIUM
Apache Superset < 3.0.4, 3.1.0 - Authenticated Dashboard Ownership Takeover via Import
Feb 28, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-24779
MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - Info Disclosure
Feb 28, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-24773
MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - SQL Injection
Feb 28, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-24772
MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-27315
MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-21742
MEDIUM
Apache James MIME4J < 0.8.9 and apache-mime4j-core < 0.8.10 - Header Injection via MIME4J DOM
Feb 27, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27905
CRITICAL
Apache Aurora >= 0.5.0 - Unauthenticated Exposure of Sensitive Information via Padding Oracle
Feb 27, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-22371
LOW
Apache Camel <4.4.0 - Info Disclosure
Feb 26, 2024
CVSS 2.9
EPSS 0.01
CVE-2024-23320
HIGH
Apache DolphinScheduler < 3.2.1 - Authenticated Remote Code Execution via JavaScript Injection
Feb 23, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-26578
MEDIUM
Apache Answer <= 1.2.1 - Race Condition in User Registration
Feb 22, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-23349
MEDIUM
Apache Answer <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Question Summary
Feb 22, 2024
CVSS 5.4
EPSS 0.05
CVE-2024-22393
CRITICAL
Apache Answer < 1.2.5 - Authenticated Denial of Service via Large Pixel File Upload
Feb 22, 2024
CVSS 9.1
EPSS 0.27
CVE-2024-25141
CRITICAL
Mongo Hook <4.0.0 - Info Disclosure
Feb 20, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-23114
CRITICAL
Apache Camel 3.0.0-3.21.3, 3.22.0, 4.0.0-4.0.3, 4.1.0-4.3.0 - Deserialization of Untrusted Data
Feb 20, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-22369
HIGH
Apache Camel <4.4.0 - Deserialization
Feb 20, 2024
CVSS 7.8
EPSS 0.12
CVE-2024-26308
MEDIUM
Apache Commons Compress 1.21-1.25 - Allocation of Resources Without Limits or Throttling
Feb 19, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-25710
HIGH
Apache Commons Compress 1.3-1.25.0 - Denial of Service via Infinite Loop
Feb 19, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-23952
MEDIUM
Apache Superset <= 2.1.2 and 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via ZIP Import
Feb 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23452
HIGH
Apache bRPC 0.9.5-1.7.0 - HTTP Request Smuggling via Transfer-Encoding and Content-Length Header
Feb 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-23673
HIGH
Apache Sling Servlets Resolver < 2.11.0 - Path Traversal and Remote Code Execution
Feb 06, 2024
CVSS 8.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20