apache

3,092 tracked vulnerabilities.

CVE-2024-42362 HIGH
Hertzbeat < 1.6.0 - Authenticated Remote Code Execution via Unsafe Deserialization in Monitor Import
Aug 20, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-42361 HIGH
Hertzbeat < 1.6.0 - SQL Injection via Metric Download Endpoint
Aug 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-43202 CRITICAL
Apache DolphinScheduler <3.2.2 - RCE
Aug 20, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-41909 MEDIUM
Apache MINA SSHD < 2.12.0 - Security Feature Downgrade via Terrapin Attack
Aug 12, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-41890 MEDIUM
Apache Answer <= 1.3.5 - Resource Exhaustion via Password Reset Email Links
Aug 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-41888 MEDIUM
Apache Answer <= 1.3.5 - Missing Release of Resource after Effective Lifetime
Aug 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-30188 HIGH NUCLEI
Apache DolphinScheduler <3.2.2 - Info Disclosure
Aug 12, 2024
CVSS 8.1
EPSS 0.06
CVE-2024-29831 HIGH
Apache DolphinScheduler < 3.2.2 - Authenticated Remote Code Execution via Switch Task Plugin
Aug 12, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-42222 MEDIUM
Apache CloudStack 4.19.1.0 - Unauthenticated Exposure of Sensitive Network Information via Network Listing API
Aug 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-42062 HIGH
Apache CloudStack 4.10.0-4.19.1.0 - Authenticated Privilege Escalation via API Key Query
Aug 07, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-36448 HIGH
Apache IoTDB Workbench <0.13.0 - SSRF
Aug 05, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-38856 CRITICAL KEVNUCLEI
Apache OFBiz forgotPassword/ProgramExport RCE
Aug 05, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-42447 CRITICAL
Apache Airflow Providers FAB - Info Disclosure
Aug 05, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36268 CRITICAL
Apache InLong <1.12.0 - Code Injection
Aug 02, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-27182 MEDIUM
Apache Linkis <=1.5.0 - Privilege Escalation
Aug 02, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-27181 HIGH
Apache Linkis <=1.5.0 - Privilege Escalation
Aug 02, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-35296 HIGH
Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - Denial of Service via Invalid Accept-Encoding Header
Jul 26, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-35161 HIGH
Apache Traffic Server 8.0.0-8.1.10 and 9.0.0-9.2.4 - HTTP Request Smuggling via Malformed Chunked Trailer
Jul 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-25090 MEDIUM
Apache Roller 5.0.0-6.1.2 - Authenticated Stored Cross-Site Scripting in Profile and Bookmark Features
Jul 26, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39676 HIGH
Apache Pinot 0.1-1.0.0 - Exposure of Sensitive Information via /appconfigs Endpoint
Jul 24, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-41178 HIGH
Apache Arrow Rust Object Store < 0.10.1 - Sensitive Information Exposure in Logs via AWS WebIdentityToken
Jul 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29070 CRITICAL
Apache StreamPark 1.0.0-2.1.3 - Insufficient Session Expiration
Jul 23, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-38503 MEDIUM
Apache Syncope 2.1.0-2.1.13 Stored XSS in Console/Enduser Text Fields
Jul 22, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34457 MEDIUM
Apache StreamPark < 2.1.4 - Authorization Bypass via User Token
Jul 22, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23321 HIGH
Apache RocketMQ 4.5.2-5.2.0 - Authenticated Sensitive Information Exposure via Specific Interfaces
Jul 22, 2024
CVSS 8.8
EPSS 0.01