apache

3,092 tracked vulnerabilities.

CVE-2024-41107 HIGH NUCLEI
Apache CloudStack 4.5.0-4.18.2.1 - Authentication Bypass via SAML Response Spoofing
Jul 19, 2024
CVSS 8.1
EPSS 0.18
CVE-2024-41172 HIGH
Apache CXF 3.6.0-3.6.3 and 4.0.0-4.0.4 - Memory Leak in HTTP Client Conduit
Jul 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32007 HIGH
Apache CXF <4.0.5, 3.6.4, 3.5.9 - DoS
Jul 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29736 CRITICAL
Apache CXF <4.0.5, 3.6.4, 3.5.9 - SSRF
Jul 19, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-29178 HIGH
Apache StreamPark <2.1.4 - Authenticated Remote Code Execution via Template Injection
Jul 18, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-40898 HIGH
Apache HTTP Server < 2.4.62 - Server-Side Request Forgery via mod_rewrite on Windows
Jul 18, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-40725 MEDIUM
Apache HTTP Server <2.4.61 - Info Disclosure
Jul 18, 2024
CVSS 5.3
EPSS 0.04
CVE-2024-29120 MEDIUM
Streampark <2.1.4 - Info Disclosure
Jul 17, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-31411 HIGH
Apache StreamPipes <= 0.93.0 - Authenticated Unrestricted Upload of File with Dangerous Type
Jul 17, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-31979 MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
Jul 17, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-30471 LOW
Apache StreamPipes <= 0.93.0 - Time-of-check Time-of-use Race Condition in User Self-Registration
Jul 17, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-29737 MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Code Execution via Build Argument Injection
Jul 17, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-39877 HIGH
Apache Airflow 2.4.0-2.9.2 - Authenticated Remote Code Execution via doc_md Parameter
Jul 17, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-39863 MEDIUM
Apache Airflow < 2.9.3 - Authenticated Stored Cross-Site Scripting via Provider Installation Link
Jul 17, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-39887 MEDIUM NUCLEI
Apache Superset < 4.0.2 - SQL Injection via PostgreSQL Engine-Specific Functions
Jul 16, 2024
CVSS 4.3
EPSS 0.04
CVE-2024-36522 CRITICAL
Apache Wicket XSLTResourceStream - XSLT Injection Remote Code Execution
Jul 12, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-37389 MEDIUM
Apache NiFi 1.10.0-1.26.0 & 2.0.0-M1-M3 - Authenticated Stored XSS in Parameter Context Description
Jul 08, 2024
CVSS 4.6
EPSS 0.24
CVE-2024-39864 CRITICAL
Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Integration API Service
Jul 05, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-38346 CRITICAL
Apache CloudStack 4.0.0-4.18.2.0 - Unauthenticated Remote Code Execution via Cluster Service Port
Jul 05, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-39884 MEDIUM
Apache HTTP Server <2.4.60 - Info Disclosure
Jul 04, 2024
CVSS 6.2
EPSS 0.01
CVE-2024-34750 HIGH
Apache Tomcat 9.0.0-9.0.89, 10.1.0-M1-10.1.24, 11.0.0-M1-11.0.0-M20 - Denial of Service via HTTP/2 Stream Miscount
Jul 03, 2024
CVSS 7.5
EPSS 0.05
CVE-2024-39573 HIGH
Apache HTTP Server < 2.4.60 - Server-Side Request Forgery via mod_rewrite RewriteRule
Jul 01, 2024
CVSS 7.5
EPSS 0.35
CVE-2024-38477 HIGH
Apache HTTP Server <2.4.60 - Null Pointer Dereference
Jul 01, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-38476 CRITICAL
Apache HTTP Server <2.4.60 - Info Disclosure/SSRF
Jul 01, 2024
CVSS 9.8
EPSS 0.42
CVE-2024-38475 CRITICAL KEVNUCLEI
Apache HTTP Server < 2.4.60 - Remote Code Execution via mod_rewrite Unsafe Substitution
Jul 01, 2024
CVSS 9.1
EPSS 1.00