apache
3,092 tracked vulnerabilities.
CVE-2024-41107
HIGH
NUCLEI
Apache CloudStack 4.5.0-4.18.2.1 - Authentication Bypass via SAML Response Spoofing
Jul 19, 2024
CVSS 8.1
EPSS 0.18
CVE-2024-41172
HIGH
Apache CXF 3.6.0-3.6.3 and 4.0.0-4.0.4 - Memory Leak in HTTP Client Conduit
Jul 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32007
HIGH
Apache CXF <4.0.5, 3.6.4, 3.5.9 - DoS
Jul 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29736
CRITICAL
Apache CXF <4.0.5, 3.6.4, 3.5.9 - SSRF
Jul 19, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-29178
HIGH
Apache StreamPark <2.1.4 - Authenticated Remote Code Execution via Template Injection
Jul 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-40898
HIGH
Apache HTTP Server < 2.4.62 - Server-Side Request Forgery via mod_rewrite on Windows
Jul 18, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-40725
MEDIUM
Apache HTTP Server <2.4.61 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.04
CVE-2024-29120
MEDIUM
Streampark <2.1.4 - Info Disclosure
Jul 17, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-31411
HIGH
Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
Jul 17, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-31979
MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471
LOW
Apache StreamPipes <= 0.93.0 - Time-of-check Time-of-use Race Condition in User Self-Registration
Jul 17, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-29737
MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Code Execution via Build Argument Injection
Jul 17, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-39877
HIGH
Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-39863
MEDIUM
Apache Airflow < 2.9.3 - Authenticated Stored Cross-Site Scripting via Provider Installation Link
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39887
MEDIUM
NUCLEI
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
Jul 16, 2024
CVSS 4.3
EPSS 0.04
CVE-2024-36522
CRITICAL
Apache Wicket XSLTResourceStream - XSLT Injection Remote Code Execution
Jul 12, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-37389
MEDIUM
Apache NiFi 1.10.0-1.26.0 & 2.0.0-M1-M3 - Authenticated Stored XSS in Parameter Context Description
Jul 08, 2024
CVSS 4.6
EPSS 0.24
CVE-2024-39864
CRITICAL
Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Integration API Service
Jul 05, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-38346
CRITICAL
Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Cluster Service Port
Jul 05, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-39884
MEDIUM
Apache HTTP Server <2.4.60 - Info Disclosure
Jul 04, 2024
CVSS 6.2
EPSS 0.01
CVE-2024-34750
HIGH
Apache Tomcat 9.0.0-9.0.89, 10.1.0-M1-10.1.24, 11.0.0-M1-11.0.0-M20 - Denial of Service via HTTP/2 Stream Miscount
Jul 03, 2024
CVSS 7.5
EPSS 0.05
CVE-2024-39573
HIGH
Apache HTTP Server < 2.4.60 - Server-Side Request Forgery via mod_rewrite RewriteRule
Jul 01, 2024
CVSS 7.5
EPSS 0.35
CVE-2024-38477
HIGH
Apache HTTP Server <2.4.60 - Null Pointer Dereference
Jul 01, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-38476
CRITICAL
Apache HTTP Server <2.4.60 - Info Disclosure/SSRF
Jul 01, 2024
CVSS 9.8
EPSS 0.42
CVE-2024-38475
CRITICAL
KEVNUCLEI
Apache HTTP Server < 2.4.60 - Remote Code Execution via mod_rewrite Unsafe Substitution
Jul 01, 2024
CVSS 9.1
EPSS 1.00
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters