apache
2,899 tracked vulnerabilities.
CVE-2024-21733
MEDIUM
Apache Tomcat 8.5.7-8.5.63 and 9.0.0-M11-9.0.43 - Generation of Error Message Containing Sensitive Information
Jan 19, 2024
CVSS 5.3
EPSS 0.71
CVE-2023-50780
HIGH
Apache ActiveMQ Artemis < 2.29.0 - Authenticated Arbitrary File Write and Remote Code Execution via Log4J2 MBean
Oct 14, 2024
CVSS 8.8
EPSS 0.03
CVE-2023-49582
MEDIUM
Apache Portable Runtime 0.9.0-1.7.4 - Unprotected User Data Exposure via Shared Memory Permissions
Aug 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-49198
HIGH
Apache SeaTunnel <1.0.1 - Info Disclosure
Aug 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-48396
CRITICAL
Apache SeaTunnel <1.0.1 - Auth Bypass
Jul 30, 2024
CVSS 9.1
EPSS 0.00
CVE-2023-38522
HIGH
Apache Traffic Server <8.1.10, <9.2.4 - SSRF
Jul 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-48362
HIGH
Apache Drill 1.19.0-1.21.1 - XML External Entity Injection in XML Format Plugin
Jul 24, 2024
CVSS 8.8
EPSS 0.00
CVE-2023-52291
MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Command Execution via Maven Build Args
Jul 17, 2024
CVSS 4.7
EPSS 0.00
CVE-2023-52290
HIGH
Apache StreamPark 2.0.0-2.1.3 - Authenticated SQL Injection via Sort Field
Jul 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2023-49566
HIGH
Apache Linkis <=1.5.0 - Authenticated JNDI Injection via DB2 DataSource Parameters
Jul 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-46801
HIGH
Apache Linkis <=1.5.0 - Authenticated RCE
Jul 15, 2024
CVSS 8.8
EPSS 0.04
CVE-2023-41916
MEDIUM
Apache Linkis <1.4.0 - Info Disclosure
Jul 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-35701
MEDIUM
Apache Hive 4.0.0-alpha-1 - Remote Code Execution via Malicious JDBC URL
May 03, 2024
CVSS 6.6
EPSS 0.01
CVE-2023-38709
HIGH
Apache HTTP Server <= 2.4.58 - HTTP Response Splitting via Faulty Input Validation
Apr 04, 2024
CVSS 7.3
EPSS 0.04
CVE-2023-41313
CRITICAL
Apache Doris <2.0.0 - Info Disclosure
Mar 12, 2024
CVSS 9.8
EPSS 0.00
CVE-2023-50740
MEDIUM
Apache Linkis <=1.4.0 - Sensitive Information Disclosure in Oracle Data Source Logs
Mar 06, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-50378
MEDIUM
Apache Ambari < 2.7.8 - Stored Cross-Site Scripting
Mar 01, 2024
CVSS 6.1
EPSS 0.02
CVE-2023-50380
MEDIUM
Apache Ambari <= 2.7.7 - XML External Entity Injection
Feb 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-51747
HIGH
Apache James <3.8.1-3.7.5 - SMTP Smuggling
Feb 27, 2024
CVSS 7.1
EPSS 0.00
CVE-2023-51518
CRITICAL
Apache James <3.7.5, 3.8.0 - Privilege Escalation
Feb 27, 2024
CVSS 9.8
EPSS 0.00
CVE-2023-50379
HIGH
Apache Ambari < 2.7.8 - Authenticated Code Injection
Feb 27, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-51653
CRITICAL
Hertzbeat <1.4.1 - Command Injection
Feb 22, 2024
CVSS 9.8
EPSS 0.04
CVE-2023-51389
CRITICAL
Hertzbeat < 1.4.1 - Deserialization of Untrusted Data via SnakeYAML Parser
Feb 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51388
CRITICAL
Hertzbeat < 1.4.1 - AviatorScript Injection via Unrestricted AviatorEvaluator
Feb 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51770
HIGH
Apache DolphinScheduler <3.2.1 - Info Disclosure
Feb 20, 2024
CVSS 7.5
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20