apache
2,899 tracked vulnerabilities.
CVE-2023-51467
CRITICAL
NUCLEI
Apache OFBiz XML-RPC Java Deserialization
Dec 26, 2023
CVSS 9.8
EPSS 0.94
CVE-2023-50968
HIGH
NUCLEI
Apache OFBiz < 18.12.11 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery
Dec 26, 2023
CVSS 7.5
EPSS 0.84
CVE-2023-51650
HIGH
Hertzbeat < 1.4.1 - Unauthenticated Sensitive Information Disclosure via Spring Boot Permission Misconfiguration
Dec 22, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-51387
HIGH
Hertzbeat <1.4.1 - Command Injection
Dec 22, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-51656
CRITICAL
Apache IoTDB <1.2.2 - Deserialization
Dec 21, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-50783
MEDIUM
Apache Airflow < 2.8.0 - Authenticated Unauthorized Variable Modification
Dec 21, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-49920
MEDIUM
Apache Airflow 2.7.0-2.7.3 - Cross-Site Request Forgery via DAG Trigger GET Request
Dec 21, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-48291
MEDIUM
Apache Airflow < 2.8.0 - Authenticated DAG Resource Access Control Bypass
Dec 21, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-47265
MEDIUM
Apache Airflow 2.6.0-2.7.3 - Stored Cross-Site Scripting in DAG Parameter Description Field
Dec 21, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-37544
HIGH
Apache Pulsar WebSocket Proxy 2.8.0-2.11.1, 3.0.0 - DoS via /pingpong
Dec 20, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-43826
HIGH
Apache Guacamole <1.5.3 - Memory Corruption
Dec 19, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-49736
MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
Dec 19, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-49734
HIGH
Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership
Dec 19, 2023
CVSS 7.7
EPSS 0.00
CVE-2023-46104
MEDIUM
Apache Superset <= 2.1.2, 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via Malicious ZIP Import
Dec 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-48795
MEDIUM
NUCLEI
OpenSSH <9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.54
CVE-2023-41314
HIGH
Apache Doris < 2.0.3 - Unauthenticated Arbitrary File Read and Denial of Service via Snapshot and Log File API
Dec 18, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-49898
HIGH
Apache StreamPark 2.0.0-2.1.1 - Authenticated Remote Code Execution via Maven Compilation Parameters
Dec 15, 2023
CVSS 7.2
EPSS 0.02
CVE-2023-30867
MEDIUM
Apache StreamPark 2.0.0-2.1.1 - SQL Injection via Fuzzy Search Parameter
Dec 15, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-46279
CRITICAL
Apache Dubbo <3.1.5 - Use After Free
Dec 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-29234
CRITICAL
Apache Dubbo <3.1.10, <3.2.4 - Deserialization
Dec 15, 2023
CVSS 9.8
EPSS 0.89
CVE-2023-46750
MEDIUM
Apache Shiro < 1.13.0 - Open Redirect via Form Authentication
Dec 14, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-45725
MEDIUM
Apache CouchDB < 3.3.2 - Exposure of Sensitive Information via Design Document Functions
Dec 13, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-50164
CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
Dec 07, 2023
CVSS 9.8
EPSS 0.93
CVE-2023-41835
HIGH
Struts <2.5.32-6.3.0.1 - Info Disclosure
Dec 05, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-49070
CRITICAL
NUCLEI
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Dec 05, 2023
CVSS 9.8
EPSS 0.94
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20