apache

3,092 tracked vulnerabilities.

CVE-2024-29217 MEDIUM
Apache Answer < 1.3.0 - Authenticated Stored Cross-Site Scripting via Personal Website Field
Apr 21, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-31869 MEDIUM
Apache Airflow 2.7.0-2.8.4 - Authenticated Sensitive Information Exposure via Configuration UI Page
Apr 18, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-31391 MEDIUM
Apache Solr Operator 0.3.0-0.8.0 - Sensitive Information Disclosure in Kubernetes Events
Apr 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27309 HIGH
Apache Kafka 3.5.0-3.6.1 and kafka-metadata 3.5.0-3.6.2 - Incorrect Authorization during ZooKeeper to KRaft Migration
Apr 12, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-31309 HIGH
Apache Traffic Server 8.0.0-8.1.9 9.0.0-9.2.3 - Denial of Service via HTTP/2 CONTINUATION Frames
Apr 10, 2024
CVSS 7.5
EPSS 0.95
CVE-2024-31867 MEDIUM
Apache Zeppelin <0.11.1 - SQL Injection
Apr 09, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-31868 MEDIUM
Apache Zeppelin 0.8.2-0.11.0 - Stored Cross-Site Scripting via helium.json
Apr 09, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-31866 CRITICAL
Apache Zeppelin 0.8.2-0.11.0 - Remote Code Execution via Configuration Override
Apr 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-31865 MEDIUM
Apache Zeppelin <0.11.1 - Privilege Escalation
Apr 09, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-31864 CRITICAL
Apache Zeppelin <0.11.1 - Code Injection
Apr 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-31863 MEDIUM
Apache Zeppelin <0.11.0 - Auth Bypass
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-31862 MEDIUM
Apache Zeppelin <0.11.0 - Info Disclosure
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-31860 MEDIUM
Apache Zeppelin <0.11.0 - Info Disclosure
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24746 HIGH
Apache NimBLE <= 1.6.0 - Denial of Service via GATT Operation
Apr 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27316 HIGH
Apache HTTP Server 2.4.17-2.4.58 - Denial of Service via HTTP/2 Header Buffering
Apr 04, 2024
CVSS 7.5
EPSS 0.91
CVE-2024-24795 MEDIUM
Apache HTTP Server 2.4.0-2.4.58 - HTTP Response Splitting via Malicious Response Headers
Apr 04, 2024
CVSS 6.3
EPSS 0.03
CVE-2024-29008 MEDIUM
Apache CloudStack 4.14.0.0-4.18.1.0 - Unauthenticated Host Device Attachment via Extraconfig Feature
Apr 04, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-29007 HIGH
Apache CloudStack 4.9.1.0-4.18.1.0 - Server-Side Request Forgery via HTTP Redirect Handling
Apr 04, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-29006 CRITICAL
Apache CloudStack 4.11.0.0-4.18.1.0 - Authentication Bypass via X-Forwarded-For Header Spoofing
Apr 04, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29834 MEDIUM
Apache Kafka - Privilege Escalation
Apr 02, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-23539 HIGH
Apache Fineract < 1.8.5 - SQL Injection
Mar 29, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-23538 CRITICAL
Apache Fineract < 1.8.5 - SQL Injection
Mar 29, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-23537 HIGH
Apache Fineract < 1.9.0 - Improper Privilege Management
Mar 29, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-29735 MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
Mar 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27438 CRITICAL
Apache Doris 1.2.0-2.0.4 - Remote Code Execution via Unchecked JDBC Driver File
Mar 21, 2024
CVSS 9.8
EPSS 0.01