apache
3,092 tracked vulnerabilities.
CVE-2024-38474
CRITICAL
Apache HTTP Server < 2.4.60 - Script Execution via mod_rewrite Substitution Encoding Issue
Jul 01, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-38473
HIGH
NUCLEI
Apache HTTP Server <2.4.60 - Open Redirect
Jul 01, 2024
CVSS 8.1
EPSS 0.26
CVE-2024-38472
HIGH
NUCLEI
Apache HTTP Server 2.4.0-2.4.59 - Server-Side Request Forgery via UNC Path Handling
Jul 01, 2024
CVSS 7.5
EPSS 0.68
CVE-2024-36387
MEDIUM
Apache HTTP Server 2.4.55-2.4.58 - Denial of Service via WebSocket Protocol Upgrade
Jul 01, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-29868
CRITICAL
NUCLEI
Apache StreamPipes <0.95.0 - Info Disclosure
Jun 24, 2024
CVSS 9.1
EPSS 0.06
CVE-2024-27136
MEDIUM
Apache JSPWiki < 2.12.2 - Cross-Site Scripting in Upload Page
Jun 24, 2024
CVSS 6.1
EPSS 0.59
CVE-2024-38379
MEDIUM
Apache Allura 1.4.0-1.17.0 - Authenticated Stored Cross-Site Scripting in Neighborhood Settings
Jun 22, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-34693
MEDIUM
Apache Superset < 3.1.3 - Authenticated File Read via MariaDB Connection with local_infile
Jun 20, 2024
CVSS 6.8
EPSS 0.02
CVE-2024-25142
MEDIUM
Apache Airflow <2.9.2 - Info Disclosure
Jun 14, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-36265
CRITICAL
Apache Submarine Server Core <0.8.0 - Incorrect Authorization
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36264
CRITICAL
Apache Submarine Commons Utils <0.8.0 - Auth Bypass
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-36263
HIGH
Apache Submarine Server Core - SQL Injection
Jun 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-36471
HIGH
Apache Allura 1.0.1-1.16.0 - Server-Side Request Forgery via Import Functionality
Jun 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-36104
CRITICAL
NUCLEI
Apache OFBiz <18.12.14 - Path Traversal
Jun 04, 2024
CVSS 9.1
EPSS 0.88
CVE-2024-32077
MEDIUM
Apache Airflow <2.9.1 - Code Injection
May 14, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-34365
CRITICAL
Apache Karaf Cave - Improper Input Validation
May 14, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-32113
CRITICAL
KEVNUCLEI
Apache OFBiz <18.12.13 - Path Traversal
May 08, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-26579
CRITICAL
Apache InLong 1.7.0-1.11.0 - Deserialization of Untrusted Data via Malicious Parameters
May 08, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-28148
MEDIUM
Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request
May 07, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-32638
MEDIUM
Apache APISIX 3.8.0-3.9.0 - HTTP Request Smuggling via Forward-Auth Plugin
May 02, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-32114
HIGH
NUCLEI
Apache ActiveMQ 6.x - Info Disclosure
May 02, 2024
CVSS 8.5
EPSS 0.07
CVE-2024-27349
CRITICAL
Apache HugeGraph-Server <1.3.0 - Auth Bypass
Apr 22, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-27348
CRITICAL
KEVNUCLEI
Apache HugeGraph-Server - Remote Command Execution
Apr 22, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-27347
MEDIUM
Apache HugeGraph-Hubble <1.3.0 - SSRF
Apr 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-29733
LOW
Apache Airflow FTP Provider <3.7.0 - Certificate Validation
Apr 21, 2024
CVSS 2.7
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters