apache
3,092 tracked vulnerabilities.
CVE-2024-26307
MEDIUM
Apache Doris < 1.2.8, < 2.0.4 - Race Condition via chmod() Method
Mar 21, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-29133
MEDIUM
Apache Commons Configuration 2.0-2.10.0 - Out-of-bounds Write
Mar 21, 2024
CVSS 5.4
EPSS 0.02
CVE-2024-29131
HIGH
Apache Commons Configuration 2.0-2.10.0 - Out-of-bounds Write
Mar 21, 2024
CVSS 7.3
EPSS 0.02
CVE-2024-27439
MEDIUM
Apache Wicket <9.16.0 - Auth Bypass
Mar 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-24683
MEDIUM
Apache Hop Engine <2.8.0 - Info Disclosure
Mar 19, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28752
CRITICAL
NUCLEI
Apache CXF < 3.5.8 - Server-Side Request Forgery via Aegis DataBinding
Mar 15, 2024
CVSS 9.3
EPSS 0.06
CVE-2024-23944
MEDIUM
Apache ZooKeeper 3.6.0-3.7.1 and 3.8.0-3.8.3 - Information Disclosure via Persistent Watcher ACL Bypass
Mar 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-28746
HIGH
Apache Airflow <2.8.3 - Info Disclosure
Mar 14, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-24549
HIGH
Apache Tomcat <11.0.0-M16, <10.1.18, <9.0.85, <=8.5.98 - DoS
Mar 13, 2024
CVSS 7.5
EPSS 0.23
CVE-2024-23672
MEDIUM
Apache Tomcat 8.5.0-8.5.98, 9.0.0-M1-9.0.85, 10.1.0-M1-10.1.18, 11.0.0-M1-M16 DoS via WebSocket Cleanup
Mar 13, 2024
CVSS 6.3
EPSS 0.02
CVE-2024-28098
MEDIUM
Apache Pulsar 2.7.1-2.10.5 2.11.0-2.11.3 3.0.0-3.0.2 3.1.0-3.1.2 3.2.0 - Authenticated Incorrect Authorization
Mar 12, 2024
CVSS 6.4
EPSS 0.02
CVE-2024-27894
HIGH
Pulsar Functions Worker - Code Injection
Mar 12, 2024
CVSS 8.5
EPSS 0.02
CVE-2024-27317
HIGH
Pulsar Functions Worker - Path Traversal
Mar 12, 2024
CVSS 8.4
EPSS 0.57
CVE-2024-27135
HIGH
Apache Pulsar 2.4.0-2.10.5, 2.11.0-2.11.3, 3.0.0-3.0.2, 3.1.0-3.1.2, 3.2.0 - Remote Code Execution
Mar 12, 2024
CVSS 8.5
EPSS 0.06
CVE-2024-26580
CRITICAL
Apache InLong 1.8.0-1.10.0 - Arbitrary File Read via Deserialization
Mar 06, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-27140
MEDIUM
Apache Archiva >= 2.0.0 - Cross-Site Scripting
Mar 01, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-27139
HIGH
Apache Archiva <2.0.0 - Unauthorized Access
Mar 01, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27138
HIGH
Apache Archiva - Incorrect Authorization via User Registration Bypass
Mar 01, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-26280
MEDIUM
Apache Airflow < 2.8.2 - Authenticated Information Disclosure via Audit Log Permissions
Mar 01, 2024
CVSS 4.7
EPSS 0.02
CVE-2024-27906
MEDIUM
Apache Airflow <2.8.2 - Info Disclosure
Feb 29, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-25065
CRITICAL
Apache OFBiz <18.12.12 - Path Traversal
Feb 29, 2024
CVSS 9.1
EPSS 0.48
CVE-2024-23946
MEDIUM
Apache OFBiz < 18.12.12 - Path Traversal and Arbitrary File Inclusion
Feb 29, 2024
CVSS 5.3
EPSS 0.03
CVE-2024-23807
CRITICAL
Apache Xerces C++ 3.0.0-3.2.4 - Use-After-Free in External DTD Scanning
Feb 29, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-26016
MEDIUM
Apache Superset < 3.0.4, 3.1.0 - Authenticated Dashboard Ownership Takeover via Import
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-24779
MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - Info Disclosure
Feb 28, 2024
CVSS 5.0
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters