apache
3,092 tracked vulnerabilities.
CVE-2024-45461
MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Privilege Escalation
Oct 16, 2024
CVSS 5.7
EPSS 0.01
CVE-2024-45219
HIGH
Apache CloudStack <4.18.2.3-4.19.1.1 - Info Disclosure
Oct 16, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-45217
HIGH
Apache Solr - Insecure Default Initialization of Resource
Oct 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-45216
CRITICAL
NUCLEI
Apache Solr 5.3.0-8.11.3 and 9.0.0-9.6.9 - Authentication Bypass via Fake URL Path Ending
Oct 16, 2024
CVSS 9.8
EPSS 0.91
CVE-2024-46911
MEDIUM
Apache Roller < 6.1.4 - Cross-Site Request Forgery and Privilege Escalation via Weblog Content Publishing
Oct 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-45720
HIGH
Apache Subversion <= 1.14.3 - OS Command Injection via Windows Command Line Argument Encoding
Oct 09, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-28168
HIGH
Apache XML Graphics FOP 2.9 - XML External Entity Injection
Oct 09, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47554
MEDIUM
Apache Commons IO 2.0-2.13.0 - Uncontrolled Resource Consumption via XmlStreamReader
Oct 03, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-47561
HIGH
Apache Avro < 1.11.4 - Remote Code Execution via Schema Parsing
Oct 03, 2024
CVSS 7.3
EPSS 0.03
CVE-2024-45772
MEDIUM
Apache Lucene Replicator 4.4.0-9.11.9 - Deserialization of Untrusted Data in HTTP Package
Sep 30, 2024
CVSS 5.1
EPSS 0.01
CVE-2024-47197
HIGH
Maven Archetype Plugin <3.3.0 - Info Disclosure
Sep 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-40761
MEDIUM
Apache Answer <1.3.5 - Info Disclosure
Sep 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-23454
MEDIUM
Apache Hadoop < 3.4.0 - Insecure Temporary File Permissions
Sep 25, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-39928
HIGH
Apache Linkis <= 1.5.0 - Inadequate Encryption Strength in Spark EngineConn Token Generation
Sep 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-46544
MEDIUM
Apache Tomcat Connectors 1.2.9-1.2.49 - Incorrect Default Permissions in mod_jk Shared Memory
Sep 23, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-42323
HIGH
Apache HertzBeat < 1.6.0 - Authenticated Remote Code Execution via SnakeYAML Deserialization
Sep 21, 2024
CVSS 8.8
EPSS 0.04
CVE-2024-45537
MEDIUM
Apache Druid < 30.0.1 - Authenticated JDBC Property Injection via MySQL Connection String
Sep 17, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-45384
MEDIUM
Apache Druid <30.0.0 - Padding Oracle
Sep 17, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-22399
CRITICAL
Apache Seata <2.1.0-1.8.1 - Deserialization
Sep 16, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-45498
HIGH
Apache Airflow <2.10.0 - Command Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45034
HIGH
Apache Airflow <2.10.1 - Code Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-45507
CRITICAL
NUCLEI
Apache OFBiz <18.12.16 - SSRF/Code Injection
Sep 04, 2024
CVSS 9.8
EPSS 0.93
CVE-2024-45195
HIGH
KEVNUCLEI
Apache OFBiz <18.12.16 - Info Disclosure
Sep 04, 2024
CVSS 7.5
EPSS 1.00
CVE-2024-41937
MEDIUM
Apache Airflow < 2.10.0 - Stored Cross-Site Scripting via Provider Documentation Link
Aug 21, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-22281
HIGH
Apache Helix Front (UI) - Info Disclosure
Aug 20, 2024
CVSS 7.5
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters