apache

3,092 tracked vulnerabilities.

CVE-2024-45461 MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Privilege Escalation
Oct 16, 2024
CVSS 5.7
EPSS 0.01
CVE-2024-45219 HIGH
Apache CloudStack <4.18.2.3-4.19.1.1 - Info Disclosure
Oct 16, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-45217 HIGH
Apache Solr - Insecure Default Initialization of Resource
Oct 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-45216 CRITICAL NUCLEI
Apache Solr 5.3.0-8.11.3 and 9.0.0-9.6.9 - Authentication Bypass via Fake URL Path Ending
Oct 16, 2024
CVSS 9.8
EPSS 0.91
CVE-2024-46911 MEDIUM
Apache Roller < 6.1.4 - Cross-Site Request Forgery and Privilege Escalation via Weblog Content Publishing
Oct 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-45720 HIGH
Apache Subversion <= 1.14.3 - OS Command Injection via Windows Command Line Argument Encoding
Oct 09, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-28168 HIGH
Apache XML Graphics FOP 2.9 - XML External Entity Injection
Oct 09, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-47554 MEDIUM
Apache Commons IO 2.0-2.13.0 - Uncontrolled Resource Consumption via XmlStreamReader
Oct 03, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-47561 HIGH
Apache Avro < 1.11.4 - Remote Code Execution via Schema Parsing
Oct 03, 2024
CVSS 7.3
EPSS 0.03
CVE-2024-45772 MEDIUM
Apache Lucene Replicator 4.4.0-9.11.9 - Deserialization of Untrusted Data in HTTP Package
Sep 30, 2024
CVSS 5.1
EPSS 0.01
CVE-2024-47197 HIGH
Maven Archetype Plugin <3.3.0 - Info Disclosure
Sep 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-40761 MEDIUM
Apache Answer <1.3.5 - Info Disclosure
Sep 25, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-23454 MEDIUM
Apache Hadoop < 3.4.0 - Insecure Temporary File Permissions
Sep 25, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-39928 HIGH
Apache Linkis <= 1.5.0 - Inadequate Encryption Strength in Spark EngineConn Token Generation
Sep 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-46544 MEDIUM
Apache Tomcat Connectors 1.2.9-1.2.49 - Incorrect Default Permissions in mod_jk Shared Memory
Sep 23, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-42323 HIGH
Apache HertzBeat < 1.6.0 - Authenticated Remote Code Execution via SnakeYAML Deserialization
Sep 21, 2024
CVSS 8.8
EPSS 0.04
CVE-2024-45537 MEDIUM
Apache Druid < 30.0.1 - Authenticated JDBC Property Injection via MySQL Connection String
Sep 17, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-45384 MEDIUM
Apache Druid <30.0.0 - Padding Oracle
Sep 17, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-22399 CRITICAL
Apache Seata <2.1.0-1.8.1 - Deserialization
Sep 16, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-45498 HIGH
Apache Airflow <2.10.0 - Command Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-45034 HIGH
Apache Airflow <2.10.1 - Code Injection
Sep 07, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-45507 CRITICAL NUCLEI
Apache OFBiz <18.12.16 - SSRF/Code Injection
Sep 04, 2024
CVSS 9.8
EPSS 0.93
CVE-2024-45195 HIGH KEVNUCLEI
Apache OFBiz <18.12.16 - Info Disclosure
Sep 04, 2024
CVSS 7.5
EPSS 1.00
CVE-2024-41937 MEDIUM
Apache Airflow < 2.10.0 - Stored Cross-Site Scripting via Provider Documentation Link
Aug 21, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-22281 HIGH
Apache Helix Front (UI) - Info Disclosure
Aug 20, 2024
CVSS 7.5
EPSS 0.01