apache
2,899 tracked vulnerabilities.
CVE-2023-37581
MEDIUM
Apache Roller < 6.1.2 - Authenticated Cross-Site Scripting in Weblog Category and File Upload Features
Aug 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-39508
HIGH
Apache Airflow < 2.6.0 - Authenticated Privilege Escalation and DAG Access Bypass via Run Task Feature
Aug 05, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-36542
HIGH
Apache NiFi <1.22.0 - Authenticated RCE
Jul 29, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-38647
CRITICAL
Apache Helix < 1.3.0 - Remote Code Execution via SnakeYAML Deserialization
Jul 26, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-38435
MEDIUM
Apache Felix Healthcheck Webconsole Plugin <2.1.0 - XSS
Jul 25, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-37895
CRITICAL
Apache Jackrabbit 1.0.0-2.20.10 and 2.21.0-2.21.17 - Remote Code Execution via RMI Deserialization
Jul 25, 2023
CVSS 9.8
EPSS 0.10
CVE-2023-35088
CRITICAL
Apache InLong 1.4.0-1.7.0 - SQL Injection via toAuditCkSql Method
Jul 25, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-34434
HIGH
Apache InLong 1.4.0-1.7.0 - Arbitrary File Read via Deserialization Bypass
Jul 25, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-34189
MEDIUM
Apache InLong <1.7.0 - Privilege Escalation
Jul 25, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-34478
CRITICAL
Apache Shiro < 1.12.0 - Path Traversal and Authentication Bypass via Non-Normalized Request Routing
Jul 24, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-28754
HIGH
Apache ShardingSphere-Agent - Code Injection
Jul 19, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-26512
CRITICAL
Apache EventMesh <1.8.0 - Code Injection
Jul 17, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-37415
HIGH
Apache Airflow Apache Hive Provider < 6.1.2 - OS Command Injection via Proxy User Option
Jul 13, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-37582
CRITICAL
NUCLEI
Apache RocketMQ - Remote Command Execution
Jul 12, 2023
CVSS 9.8
EPSS 0.94
CVE-2023-37579
HIGH
Apache Pulsar < 2.10.4 and 2.11.0 - Authenticated Credential Leak via Function Worker Source/Sink Configuration
Jul 12, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-36543
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via Inefficient Regular Expression
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-35908
MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-31007
NONE
Apache Pulsar <= 2.9.4, 2.10.0-2.10.3, 2.11.0 - Improper Authentication via Expired Auth Data Bypass
Jul 12, 2023
EPSS 0.00
CVE-2023-30429
CRITICAL
Apache Pulsar < 2.10.4 and 2.11.0 - Incorrect Authorization via Pulsar Function Worker
Jul 12, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-30428
HIGH
Apache Pulsar 2.9.0-2.9.5, 2.10.0-2.10.3, 2.11.0 - Incorrect Authorization via Rest Producer
Jul 12, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-22888
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Denial of Service via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-22887
MEDIUM
Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter
Jul 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-32200
HIGH
Apache Jena 3.7.0-4.8.0 - Remote Code Execution via SPARQL Query
Jul 12, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-35887
MEDIUM
Apache MINA SSHD < 2.9.3 - Path Traversal via Parent Navigation
Jul 10, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-34442
LOW
Apache Camel 3.0.0-3.14.8 3.18.0-3.18.7 3.20.0-3.20.5 4.0.0-M3 - Exposure of Sensitive Information
Jul 10, 2023
CVSS 3.3
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20