apache

3,092 tracked vulnerabilities.

CVE-2024-24773 MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - SQL Injection
Feb 28, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-24772 MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-27315 MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-21742 MEDIUM
Apache James MIME4J < 0.8.9 and apache-mime4j-core < 0.8.10 - Header Injection via MIME4J DOM
Feb 27, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27905 CRITICAL
Apache Aurora >= 0.5.0 - Unauthenticated Exposure of Sensitive Information via Padding Oracle
Feb 27, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22371 LOW
Apache Camel <4.4.0 - Info Disclosure
Feb 26, 2024
CVSS 2.9
EPSS 0.01
CVE-2024-23320 HIGH
Apache DolphinScheduler < 3.2.1 - Authenticated Remote Code Execution via JavaScript Injection
Feb 23, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-26578 MEDIUM
Apache Answer <= 1.2.1 - Race Condition in User Registration
Feb 22, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-23349 MEDIUM
Apache Answer <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Question Summary
Feb 22, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-22393 CRITICAL
Apache Answer < 1.2.5 - Authenticated Denial of Service via Large Pixel File Upload
Feb 22, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-25141 CRITICAL
Mongo Hook <4.0.0 - Info Disclosure
Feb 20, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-23114 CRITICAL
Apache Camel 3.0.0-3.21.3, 3.22.0, 4.0.0-4.0.3, 4.1.0-4.3.0 - Deserialization of Untrusted Data
Feb 20, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-22369 HIGH
Apache Camel <4.4.0 - Deserialization
Feb 20, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-26308 MEDIUM
Apache Commons Compress 1.21-1.25 - Allocation of Resources Without Limits or Throttling
Feb 19, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-25710 HIGH
Apache Commons Compress 1.3-1.25.0 - Denial of Service via Infinite Loop
Feb 19, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-23952 MEDIUM
Apache Superset <= 2.1.2 and 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via ZIP Import
Feb 14, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-23452 HIGH
Apache bRPC 0.9.5-1.7.0 - HTTP Request Smuggling via Transfer-Encoding and Content-Length Header
Feb 08, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-23673 HIGH
Apache Sling Servlets Resolver < 2.11.0 - Path Traversal and Remote Code Execution
Feb 06, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-21733 MEDIUM
Apache Tomcat 8.5.7-8.5.63 and 9.0.0-M11-9.0.43 - Generation of Error Message Containing Sensitive Information
Jan 19, 2024
CVSS 5.3
EPSS 0.14
CVE-2023-50780 HIGH
Apache ActiveMQ Artemis < 2.29.0 - Authenticated Arbitrary File Write and Remote Code Execution via Log4J2 MBean
Oct 14, 2024
CVSS 8.8
EPSS 0.17
CVE-2023-49582 MEDIUM
Apache Portable Runtime 0.9.0-1.7.4 - Unprotected User Data Exposure via Shared Memory Permissions
Aug 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-49198 HIGH
Apache SeaTunnel <1.0.1 - Info Disclosure
Aug 21, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-48396 CRITICAL
Apache SeaTunnel <1.0.1 - Auth Bypass
Jul 30, 2024
CVSS 9.1
EPSS 0.01
CVE-2023-38522 HIGH
Apache Traffic Server <8.1.10, <9.2.4 - SSRF
Jul 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-48362 HIGH
Apache Drill 1.19.0-1.21.1 - XML External Entity Injection in XML Format Plugin
Jul 24, 2024
CVSS 8.8
EPSS 0.01