apache

3,092 tracked vulnerabilities.

CVE-2024-38474 CRITICAL
Apache HTTP Server < 2.4.60 - Script Execution via mod_rewrite Substitution Encoding Issue
Jul 01, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-38473 HIGH NUCLEI
Apache HTTP Server <2.4.60 - Open Redirect
Jul 01, 2024
CVSS 8.1
EPSS 0.26
CVE-2024-38472 HIGH NUCLEI
Apache HTTP Server 2.4.0-2.4.59 - Server-Side Request Forgery via UNC Path Handling
Jul 01, 2024
CVSS 7.5
EPSS 0.68
CVE-2024-36387 MEDIUM
Apache HTTP Server 2.4.55-2.4.58 - Denial of Service via WebSocket Protocol Upgrade
Jul 01, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-29868 CRITICAL NUCLEI
Apache StreamPipes <0.95.0 - Info Disclosure
Jun 24, 2024
CVSS 9.1
EPSS 0.06
CVE-2024-27136 MEDIUM
Apache JSPWiki < 2.12.2 - Cross-Site Scripting in Upload Page
Jun 24, 2024
CVSS 6.1
EPSS 0.59
CVE-2024-38379 MEDIUM
Apache Allura 1.4.0-1.17.0 - Authenticated Stored Cross-Site Scripting in Neighborhood Settings
Jun 22, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-34693 MEDIUM
Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile
Jun 20, 2024
CVSS 6.8
EPSS 0.02
CVE-2024-25142 MEDIUM
Apache Airflow <2.9.2 - Info Disclosure
Jun 14, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-36265 CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36264 CRITICAL
Apache Submarine Commons Utils <0.8.0 - Auth Bypass
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36263 HIGH
Apache Submarine Server Core - SQL Injection
Jun 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-36471 HIGH
Apache Allura 1.0.1-1.16.0 - Server-Side Request Forgery via Import Functionality
Jun 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-36104 CRITICAL NUCLEI
Apache OFBiz <18.12.14 - Path Traversal
Jun 04, 2024
CVSS 9.1
EPSS 0.88
CVE-2024-32077 MEDIUM
Apache Airflow <2.9.1 - Code Injection
May 14, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-34365 CRITICAL
Apache Karaf Cave - Improper Input Validation
May 14, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-32113 CRITICAL KEVNUCLEI
Apache OFBiz <18.12.13 - Path Traversal
May 08, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-26579 CRITICAL
Apache InLong 1.7.0-1.11.0 - Deserialization of Untrusted Data via Malicious Parameters
May 08, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-28148 MEDIUM
Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request
May 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-32638 MEDIUM
Apache APISIX 3.8.0-3.9.0 - HTTP Request Smuggling via Forward-Auth Plugin
May 02, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-32114 HIGH NUCLEI
Apache ActiveMQ 6.x - Info Disclosure
May 02, 2024
CVSS 8.5
EPSS 0.07
CVE-2024-27349 CRITICAL
Apache HugeGraph-Server <1.3.0 - Auth Bypass
Apr 22, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-27348 CRITICAL KEVNUCLEI
Apache HugeGraph-Server - Remote Command Execution
Apr 22, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-27347 MEDIUM
Apache HugeGraph-Hubble <1.3.0 - SSRF
Apr 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-29733 LOW
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Apr 21, 2024
CVSS 2.7
EPSS 0.01