apache
2,899 tracked vulnerabilities.
CVE-2023-50270
MEDIUM
Apache DolphinScheduler 1.3.8-3.2.0 - Insufficient Session Expiration
Feb 20, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49250
HIGH
Apache DolphinScheduler <3.2.0 - SSRF
Feb 20, 2024
CVSS 7.3
EPSS 0.00
CVE-2023-49109
CRITICAL
Apache DolphinScheduler <3.2.1 - RCE
Feb 20, 2024
CVSS 9.8
EPSS 0.07
CVE-2023-50386
HIGH
Apache Solr Backup/Restore APIs RCE
Feb 09, 2024
CVSS 8.8
EPSS 0.87
CVE-2023-50298
HIGH
Apache Solr 6.0.0-8.11.2, 9.0.0-9.4.0 - Exposure of Sensitive Information via Streaming Expression zkHost Parameter
Feb 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-50292
HIGH
Apache Solr 8.10.0-8.11.2, 9.0.0-9.2.9 - Unauthenticated Remote Code Execution via Schema Designer ConfigSet
Feb 09, 2024
CVSS 7.5
EPSS 0.46
CVE-2023-50291
HIGH
Apache Solr 6.0.0-8.11.2 and 9.0.0-9.2.9 - Authenticated Credential Exposure via /admin/info/properties Endpoint
Feb 09, 2024
CVSS 7.5
EPSS 0.03
CVE-2023-39196
MEDIUM
Apache Ozone 1.2.0-1.3.0 - Unauthenticated Metadata Disclosure in Storage Container Manager
Feb 07, 2024
CVSS 5.3
EPSS 0.00
CVE-2023-51437
HIGH
Apache Pulsar <2.11.3, 3.0.2, 3.1.1 - Code Injection
Feb 07, 2024
CVSS 7.4
EPSS 0.00
CVE-2023-44313
HIGH
Apache ServiceComb < 2.2.0 - Server-Side Request Forgery
Jan 31, 2024
CVSS 7.6
EPSS 0.69
CVE-2023-44312
MEDIUM
Apache ServiceComb Service-Center < 2.1.0 - Exposure of Sensitive Information
Jan 31, 2024
CVSS 5.8
EPSS 0.00
CVE-2023-29055
HIGH
Apache Kylin <4.0.3 - Info Disclosure
Jan 29, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-51702
MEDIUM
Apache Airflow 2.3.0-2.6.0 Sensitive Information Exposure in Deferrable Mode
Jan 24, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-50944
MEDIUM
Apache Airflow < 2.8.1 - Authenticated Unauthorized DAG Source Code Access
Jan 24, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-50943
HIGH
Apache Airflow < 2.8.1 - Deserialization of Untrusted Data via XCom Poisoning
Jan 24, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-49657
CRITICAL
Apache Superset < 3.0.3 - Authenticated Stored Cross-Site Scripting in Chart or Dashboard
Jan 23, 2024
CVSS 9.6
EPSS 0.00
CVE-2023-46226
CRITICAL
Apache IoTDB 1.0.0-1.2.2 - Remote Code Execution
Jan 15, 2024
CVSS 9.8
EPSS 0.03
CVE-2023-50290
MEDIUM
NUCLEI
Apache Solr 9.0.0-9.2.9 - Authenticated Exposure of Sensitive Information via Metrics API
Jan 15, 2024
CVSS 6.5
EPSS 0.93
CVE-2023-46749
MEDIUM
Apache Shiro <1.13.0, <2.0.0-alpha-4 - Path Traversal
Jan 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-49619
LOW
Apache Answer <= 1.2.0 - Race Condition in Question Bookmarking
Jan 10, 2024
CVSS 3.1
EPSS 0.01
CVE-2023-51441
HIGH
Apache Axis <= 1.3 - Server-Side Request Forgery via Admin Service
Jan 06, 2024
CVSS 7.2
EPSS 0.00
CVE-2023-51785
HIGH
Apache InLong <1.10.0 - Deserialization
Jan 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-51784
CRITICAL
Apache InLong <1.10.0 - Code Injection
Jan 03, 2024
CVSS 9.8
EPSS 0.07
CVE-2023-49299
HIGH
Apache DolphinScheduler <3.1.9 - XSS
Dec 30, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-47804
HIGH
Apache OpenOffice < 4.1.15 - Unauthenticated Arbitrary Script Execution via Macro Link Activation
Dec 29, 2023
CVSS 8.8
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20