apache

3,092 tracked vulnerabilities.

CVE-2024-45719 LOW
Apache Answer <= 1.4.0 - Inadequate Encryption Strength via UUID v1 Token Generation
Nov 22, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-52067 MEDIUM
Apache NiFi <2.0.0-M4 - Info Disclosure
Nov 21, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-31141 MEDIUM
Apache Kafka Clients - Improper Privilege Management
Nov 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-52318 MEDIUM
Apache Tomcat <11.0.1-9.0.97 - Memory Corruption
Nov 18, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-52317 MEDIUM
Apache Tomcat <11.0.0-M26,<10.1.30,<9.0.95 - Memory Corruption
Nov 18, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-52316 CRITICAL
Apache Tomcat - Unchecked Error Condition
Nov 18, 2024
CVSS 9.8
EPSS 0.06
CVE-2024-48962 HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47208 CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
Nov 18, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-45791 HIGH
Apache HertzBeat < 1.6.1 - Exposure of Sensitive Information to an Unauthorized Actor
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-45505 HIGH
Apache HertzBeat <1.6.1 - Command Injection
Nov 18, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-41151 HIGH
Apache HertzBeat < 1.6.1 - Authenticated Deserialization of Untrusted Data
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45784 HIGH
Apache Airflow <2.10.3 - Info Disclosure
Nov 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-50306 CRITICAL
Apache Traffic Server <9.2.6, <10.0.2 - Privilege Escalation
Nov 14, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-50305 HIGH
Apache Traffic Server 9.2.0-9.2.5 - Denial of Service via Host Header
Nov 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-38479 HIGH
Apache Traffic Server <9.2.11 - Info Disclosure
Nov 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-50386 HIGH
Apache CloudStack 4.0.0-4.18.2.4 and 4.19.0.0-4.19.1.2 - Unauthenticated Template Registration to Host Filesystem Access
Nov 12, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-50378 MEDIUM
Apache Airflow < 2.10.3 - Authenticated Sensitive Information Exposure in Audit Logs
Nov 08, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-51504 CRITICAL
Apache ZooKeeper 3.9.0-3.9.2 - Authentication Bypass by Spoofing via X-Forwarded-For Header
Nov 07, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-38286 HIGH
Apache Tomcat <11.0.0-M21 - Allocation of Resources Without Limits ...
Nov 07, 2024
CVSS 8.6
EPSS 0.02
CVE-2024-23590 CRITICAL
Apache Kylin <5.0.0 - Session Fixation
Nov 04, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-43383 HIGH
Apache Lucene.Net.Replicator 4.8.0-beta00005-4.8.0-beta00016 - Remote Code Execution via JSON Deserialization
Oct 31, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-45477 MEDIUM
Apache NiFi <1.28.0-<2.0.0-M4 - XSS
Oct 29, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-45031 MEDIUM
Apache Syncope 2.1.0-3.0.8 - Stored Cross-Site Scripting via Incomplete HTML Tag Bypass
Oct 24, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-45693 HIGH
Apache CloudStack 4.15.1.0-4.18.2.3 and 4.19.0.0-4.19.1.1 - Cross-Site Request Forgery
Oct 16, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-45462 MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Info Disclosure
Oct 16, 2024
CVSS 6.3
EPSS 0.00