apache
2,899 tracked vulnerabilities.
CVE-2023-49735
HIGH
Apache Tiles >= 2.0 - Path Traversal and Server-Side Request Forgery via DefaultLocaleResolver.LOCALE_KEY
Nov 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-49733
CRITICAL
Apache Cocoon 2.2.0-2.2.9 - XML External Entity Injection
Nov 30, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-49620
MEDIUM
Apache DolphinScheduler < 3.1.0 - Authenticated Insecure Direct Object Reference in UDF Function Deletion
Nov 30, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-42504
MEDIUM
Apache Superset < 3.0.0 - Authenticated Denial of Service via Concurrent Dashboard Export Requests
Nov 28, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-42505
MEDIUM
Apache Superset < 3.0.0 - Authenticated Exposure of Sensitive Database Connection Information
Nov 28, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42502
MEDIUM
Apache Superset < 3.0.0 - Authenticated Open Redirect via HTTP Host Header Spoofing
Nov 28, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-46589
HIGH
Apache Tomcat <11.0.0-M10 - Request Smuggling
Nov 28, 2023
CVSS 7.5
EPSS 0.54
CVE-2023-49145
HIGH
Apache NiFi 0.7.0-1.23.2 - Authenticated DOM-Based Cross-Site Scripting in JoltTransformJSON Processor
Nov 27, 2023
CVSS 7.9
EPSS 0.00
CVE-2023-43701
MEDIUM
Apache Superset <2.1.2 - Code Injection
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42501
MEDIUM
Apache Superset < 2.1.2 - Authenticated Unnecessary Read Permissions in Gamma Role
Nov 27, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40610
MEDIUM
Apache Superset <2.1.2 - Privilege Escalation
Nov 27, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-49068
HIGH
Apache DolphinScheduler <3.2.1 - Info Disclosure
Nov 27, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-48796
HIGH
Apache DolphinScheduler - Info Disclosure
Nov 24, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-43123
MEDIUM
Apache Storm 2.0.0-2.5.9 - Information Exposure via Insecure Temporary File Permissions
Nov 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-37924
CRITICAL
Apache Submarine 0.7.0-0.7.9 - SQL Injection via Login
Nov 22, 2023
CVSS 9.8
EPSS 0.77
CVE-2023-46302
CRITICAL
Apache Submarine - YAML Deserialization
Nov 20, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-26031
HIGH
Apache Hadoop <3.3.4 - Privilege Escalation
Nov 16, 2023
CVSS 7.5
EPSS 0.09
CVE-2023-47037
MEDIUM
Apache Airflow < 2.7.3 - Authenticated DAG Run Detail Modification via Notes Submission
Nov 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-42781
MEDIUM
Apache Airflow < 2.7.3 - Authenticated Exposure of Sensitive Task Instance Information
Nov 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-47248
CRITICAL
NUCLEI
PyArrow 0.14.0-14.0.0 - Remote Code Execution via Untrusted Data Deserialization
Nov 09, 2023
CVSS 9.8
EPSS 0.85
CVE-2023-39913
HIGH
Apache UIMA Java SDK < 3.5.0 - Remote Code Execution via Untrusted Java Deserialization
Nov 08, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-46819
MEDIUM
Apache OFBiz <18.12.09 - Info Disclosure
Nov 07, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-46851
MEDIUM
Apache Allura <1.16.0 - Info Disclosure
Nov 07, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-46215
HIGH
Apache Airflow <2.6.3, <3.4.0 - Info Disclosure
Oct 28, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-46604
CRITICAL
KEV, NUCLEI
Java OpenWire - Deserialization RCE
Oct 27, 2023
CVSS 10.0
EPSS 0.94
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20