apache
3,092 tracked vulnerabilities.
CVE-2024-42362
HIGH
Hertzbeat < 1.6.0 - Authenticated Remote Code Execution via Unsafe Deserialization in Monitor Import
Aug 20, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-42361
HIGH
Hertzbeat < 1.6.0 - SQL Injection via Metric Download Endpoint
Aug 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-43202
CRITICAL
Apache DolphinScheduler <3.2.2 - RCE
Aug 20, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-41909
MEDIUM
Apache MINA SSHD < 2.12.0 - Security Feature Downgrade via Terrapin Attack
Aug 12, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-41890
MEDIUM
Apache Answer <= 1.3.5 - Resource Exhaustion via Password Reset Email Links
Aug 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-41888
MEDIUM
Apache Answer <= 1.3.5 - Missing Release of Resource after Effective Lifetime
Aug 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-30188
HIGH
NUCLEI
Apache DolphinScheduler <3.2.2 - Info Disclosure
Aug 12, 2024
CVSS 8.1
EPSS 0.06
CVE-2024-29831
HIGH
Apache DolphinScheduler < 3.2.2 - Authenticated Remote Code Execution via Switch Task Plugin
Aug 12, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-42222
MEDIUM
Apache CloudStack 4.19.1.0 - Unauthenticated Exposure of Sensitive Network Information via Network Listing API
Aug 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-42062
HIGH
Apache CloudStack 4.10.0-4.19.1.0 - Authenticated Privilege Escalation via API Key Query
Aug 07, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-36448
HIGH
Apache IoTDB Workbench <0.13.0 - SSRF
Aug 05, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-38856
CRITICAL
KEVNUCLEI
Apache OFBiz forgotPassword/ProgramExport RCE
Aug 05, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-42447
CRITICAL
Apache Airflow Providers FAB - Info Disclosure
Aug 05, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36268
CRITICAL
Apache InLong <1.12.0 - Code Injection
Aug 02, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-27182
MEDIUM
Apache Linkis <=1.5.0 - Privilege Escalation
Aug 02, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-27181
HIGH
Apache Linkis <=1.5.0 - Privilege Escalation
Aug 02, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-35296
HIGH
Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - Denial of Service via Invalid Accept-Encoding Header
Jul 26, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-35161
HIGH
Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - HTTP Request Smuggling via Malformed Chunked Trailer
Jul 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-25090
MEDIUM
Apache Roller 5.0.0-6.1.2 - Authenticated Stored Cross-Site Scripting in Profile and Bookmark Features
Jul 26, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39676
HIGH
Apache Pinot 0.1-1.0.0 - Exposure of Sensitive Information via /appconfigs Endpoint
Jul 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-41178
HIGH
Apache Arrow Rust Object Store < 0.10.1 - Sensitive Information Exposure in Logs via AWS WebIdentityToken
Jul 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29070
CRITICAL
Apache StreamPark 1.0.0-2.1.3 - Insufficient Session Expiration
Jul 23, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-38503
MEDIUM
Apache Syncope 2.1.0-2.1.13 Stored XSS in Console/Enduser Text Fields
Jul 22, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34457
MEDIUM
Apache StreamPark < 2.1.4 - Authorization Bypass via User Token
Jul 22, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23321
HIGH
Apache RocketMQ 4.5.2-5.2.0 - Authenticated Sensitive Information Exposure via Specific Interfaces
Jul 22, 2024
CVSS 8.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters