Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / apache

apache

2,899 tracked vulnerabilities.

CVE-2023-42503 MEDIUM

Apache Commons Compress 1.22-1.23.0 - Denial of Service via Malformed TAR File Modification Time Headers

CVE-2023-41267 HIGH

Apache Airflow HDFS Provider <4.1.1 - Info Disclosure

CVE-2023-41081 HIGH

Apache Tomcat Connectors - Auth Bypass

CVE-2023-40712 MEDIUM

Apache Airflow <2.7.1 - Info Disclosure

CVE-2023-40611 MEDIUM

Apache Airflow <2.7.1 - Privilege Escalation

CVE-2023-39265 LOW

Apache Superset <= 2.1.0 - SQLite Database Connection Manipulation via Alternative Driver Names

CVE-2023-37941 MEDIUM

Apache Superset 1.5.0-2.1.0 - Remote Code Execution via Metadata Database Deserialization

CVE-2023-32672 MEDIUM

Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization in SQLLab

CVE-2023-39264 MEDIUM

Apache Superset <= 2.1.0 - Sensitive Information Exposure via REST API Error Stack Traces

CVE-2023-36388 MEDIUM

Apache Superset <= 2.1.0 - Authenticated Server-Side Request Forgery via Network Connection Test

CVE-2023-36387 MEDIUM

Apache Superset <2.1.0 - Info Disclosure

CVE-2023-27526 MEDIUM

Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization via Import Charts Feature

CVE-2023-27523 MEDIUM

Apache Superset <= 2.1.0 - Authenticated Improper Data Authorization in Jinja Templated Queries

CVE-2023-40743 CRITICAL

Apache Axis 1.x - Server-Side Request Forgery and Remote Code Execution via ServiceFactory.getService

CVE-2023-41180 MEDIUM

Apache NiFi MiNiFi C++ <0.15 - Certificate Validation

CVE-2023-40195 HIGH

Apache Airflow Spark Provider < 4.1.3 - Authenticated Remote Code Execution via Malicious Spark Server

CVE-2023-27604 HIGH

Apache Airflow Sqoop Provider < 4.0.0 - Authenticated Remote Code Execution via Sqoop Import Connection Parameters

CVE-2023-41080 MEDIUM

Apache Tomcat <11.0.0-M10 - Open Redirect

CVE-2023-40273 HIGH

Apache Airflow < 2.7.0 - Authenticated Session Fixation via Password Reset

CVE-2023-39441 MEDIUM

Apache Airflow < 2.7.0 - Improper Certificate Validation

CVE-2023-37379 HIGH

Apache Airflow < 2.7.0 - Authenticated Denial of Service via Connection Test Feature

CVE-2023-40037 MEDIUM

Apache NiFi 1.21.0-1.23.0 - Authenticated Connection URL Validation Bypass via Custom Input Formatting

CVE-2023-40272 HIGH

Apache Airflow Spark Provider < 4.1.3 - Arbitrary File Read via Connection Parameters

CVE-2023-39553 HIGH

Apache Airflow Drill Provider < 2.4.3 - Unauthenticated Arbitrary File Read via DrillHook Connection Parameters

CVE-2023-33934 CRITICAL

Apache Traffic Server <9.2.1 - Info Disclosure

Previous Page 32 of 116 Next

Products

http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 nifi 46 solr 46 cloudstack 45 cxf 43 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy