apache
3,092 tracked vulnerabilities.
CVE-2024-45719
LOW
Apache Answer <= 1.4.0 - Inadequate Encryption Strength via UUID v1 Token Generation
Nov 22, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-52067
MEDIUM
Apache NiFi <2.0.0-M4 - Info Disclosure
Nov 21, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-31141
MEDIUM
Apache Kafka Clients - Improper Privilege Management
Nov 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-52318
MEDIUM
Apache Tomcat <11.0.1-9.0.97 - Memory Corruption
Nov 18, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-52317
MEDIUM
Apache Tomcat <11.0.0-M26,<10.1.30,<9.0.95 - Memory Corruption
Nov 18, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-52316
CRITICAL
Apache Tomcat - Unchecked Error Condition
Nov 18, 2024
CVSS 9.8
EPSS 0.06
CVE-2024-48962
HIGH
Apache OFBiz < 18.12.17 - Cross-Site Request Forgery
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47208
CRITICAL
Apache OFBiz <18.12.17 - SSRF/Code Injection
Nov 18, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-45791
HIGH
Apache HertzBeat < 1.6.1 - Exposure of Sensitive Information to an Unauthorized Actor
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-45505
HIGH
Apache HertzBeat <1.6.1 - Command Injection
Nov 18, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-41151
HIGH
Apache HertzBeat < 1.6.1 - Authenticated Deserialization of Untrusted Data
Nov 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45784
HIGH
Apache Airflow <2.10.3 - Info Disclosure
Nov 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-50306
CRITICAL
Apache Traffic Server <9.2.6, <10.0.2 - Privilege Escalation
Nov 14, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-50305
HIGH
Apache Traffic Server 9.2.0-9.2.5 - Denial of Service via Host Header
Nov 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-38479
HIGH
Apache Traffic Server <9.2.11 - Info Disclosure
Nov 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-50386
HIGH
Apache CloudStack 4.0.0-4.18.2.4 and 4.19.0.0-4.19.1.2 - Unauthenticated Template Registration to Host Filesystem Access
Nov 12, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-50378
MEDIUM
Apache Airflow < 2.10.3 - Authenticated Sensitive Information Exposure in Audit Logs
Nov 08, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-51504
CRITICAL
Apache ZooKeeper 3.9.0-3.9.2 - Authentication Bypass by Spoofing via X-Forwarded-For Header
Nov 07, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-38286
HIGH
Apache Tomcat <11.0.0-M21 - Allocation of Resources Without Limits ...
Nov 07, 2024
CVSS 8.6
EPSS 0.02
CVE-2024-23590
CRITICAL
Apache Kylin <5.0.0 - Session Fixation
Nov 04, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-43383
HIGH
Apache Lucene.Net.Replicator 4.8.0-beta00005-4.8.0-beta00016 - Remote Code Execution via JSON Deserialization
Oct 31, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-45477
MEDIUM
Apache NiFi <1.28.0-<2.0.0-M4 - XSS
Oct 29, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-45031
MEDIUM
Apache Syncope 2.1.0-3.0.8 - Stored Cross-Site Scripting via Incomplete HTML Tag Bypass
Oct 24, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-45693
HIGH
Apache CloudStack 4.15.1.0-4.18.2.3 and 4.19.0.0-4.19.1.1 - Cross-Site Request Forgery
Oct 16, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-45462
MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Info Disclosure
Oct 16, 2024
CVSS 6.3
EPSS 0.00
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters