apache
3,092 tracked vulnerabilities.
CVE-2024-29217
MEDIUM
Apache Answer < 1.3.0 - Authenticated Stored Cross-Site Scripting via Personal Website Field
Apr 21, 2024
CVSS 4.6
EPSS 0.01
CVE-2024-31869
MEDIUM
Apache Airflow 2.7.0-2.8.4 - Authenticated Sensitive Information Exposure via Configuration UI Page
Apr 18, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-31391
MEDIUM
Apache Solr Operator 0.3.0-0.8.0 - Sensitive Information Disclosure in Kubernetes Events
Apr 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27309
HIGH
Apache Kafka 3.5.0-3.6.1 and kafka-metadata 3.5.0-3.6.2 - Incorrect Authorization during ZooKeeper to KRaft Migration
Apr 12, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-31309
HIGH
Apache Traffic Server 8.0.0-8.1.9 9.0.0-9.2.3 - Denial of Service via HTTP/2 CONTINUATION Frames
Apr 10, 2024
CVSS 7.5
EPSS 0.95
CVE-2024-31867
MEDIUM
Apache Zeppelin <0.11.1 - SQL Injection
Apr 09, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-31868
MEDIUM
Apache Zeppelin 0.8.2-0.11.0 - Stored Cross-Site Scripting via helium.json
Apr 09, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-31866
CRITICAL
Apache Zeppelin 0.8.2-0.11.0 - Remote Code Execution via Configuration Override
Apr 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-31865
MEDIUM
Apache Zeppelin <0.11.1 - Privilege Escalation
Apr 09, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-31864
CRITICAL
Apache Zeppelin <0.11.1 - Code Injection
Apr 09, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-31863
MEDIUM
Apache Zeppelin <0.11.0 - Auth Bypass
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-31862
MEDIUM
Apache Zeppelin <0.11.0 - Info Disclosure
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-31860
MEDIUM
Apache Zeppelin <0.11.0 - Info Disclosure
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24746
HIGH
Apache NimBLE <= 1.6.0 - Denial of Service via GATT Operation
Apr 06, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27316
HIGH
Apache HTTP Server 2.4.17-2.4.58 - Denial of Service via HTTP/2 Header Buffering
Apr 04, 2024
CVSS 7.5
EPSS 0.91
CVE-2024-24795
MEDIUM
Apache HTTP Server 2.4.0-2.4.58 - HTTP Response Splitting via Malicious Response Headers
Apr 04, 2024
CVSS 6.3
EPSS 0.03
CVE-2024-29008
MEDIUM
Apache CloudStack 4.14.0.0-4.18.1.0 - Unauthenticated Host Device Attachment via Extraconfig Feature
Apr 04, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-29007
HIGH
Apache CloudStack 4.9.1.0-4.18.1.0 - Server-Side Request Forgery via HTTP Redirect Handling
Apr 04, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-29006
CRITICAL
Apache CloudStack 4.11.0.0-4.18.1.0 - Authentication Bypass via X-Forwarded-For Header Spoofing
Apr 04, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-29834
MEDIUM
Apache Kafka - Privilege Escalation
Apr 02, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-23539
HIGH
Apache Fineract < 1.8.5 - SQL Injection
Mar 29, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-23538
CRITICAL
Apache Fineract < 1.8.5 - SQL Injection
Mar 29, 2024
CVSS 9.9
EPSS 0.01
CVE-2024-23537
HIGH
Apache Fineract < 1.9.0 - Improper Privilege Management
Mar 29, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-29735
MEDIUM
Apache Airflow <2.8.3 - Privilege Escalation
Mar 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27438
CRITICAL
Apache Doris 1.2.0-2.0.4 - Remote Code Execution via Unchecked JDBC Driver File
Mar 21, 2024
CVSS 9.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters