apache
3,092 tracked vulnerabilities.
CVE-2024-24773
MEDIUM
Apache Superset <3.0.4, >3.1.0-<3.1.1 - SQL Injection
Feb 28, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-24772
MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-27315
MEDIUM
Apache Superset <3.0.4, >3.1.0 - SQL Injection
Feb 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-21742
MEDIUM
Apache James MIME4J < 0.8.9 and apache-mime4j-core < 0.8.10 - Header Injection via MIME4J DOM
Feb 27, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27905
CRITICAL
Apache Aurora >= 0.5.0 - Unauthenticated Exposure of Sensitive Information via Padding Oracle
Feb 27, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22371
LOW
Apache Camel <4.4.0 - Info Disclosure
Feb 26, 2024
CVSS 2.9
EPSS 0.01
CVE-2024-23320
HIGH
Apache DolphinScheduler < 3.2.1 - Authenticated Remote Code Execution via JavaScript Injection
Feb 23, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-26578
MEDIUM
Apache Answer <= 1.2.1 - Race Condition in User Registration
Feb 22, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-23349
MEDIUM
Apache Answer <= 1.2.1 - Authenticated Stored Cross-Site Scripting via Question Summary
Feb 22, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-22393
CRITICAL
Apache Answer < 1.2.5 - Authenticated Denial of Service via Large Pixel File Upload
Feb 22, 2024
CVSS 9.1
EPSS 0.02
CVE-2024-25141
CRITICAL
Mongo Hook <4.0.0 - Info Disclosure
Feb 20, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-23114
CRITICAL
Apache Camel 3.0.0-3.21.3, 3.22.0, 4.0.0-4.0.3, 4.1.0-4.3.0 - Deserialization of Untrusted Data
Feb 20, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-22369
HIGH
Apache Camel <4.4.0 - Deserialization
Feb 20, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-26308
MEDIUM
Apache Commons Compress 1.21-1.25 - Allocation of Resources Without Limits or Throttling
Feb 19, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-25710
HIGH
Apache Commons Compress 1.3-1.25.0 - Denial of Service via Infinite Loop
Feb 19, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-23952
MEDIUM
Apache Superset <= 2.1.2 and 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via ZIP Import
Feb 14, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-23452
HIGH
Apache bRPC 0.9.5-1.7.0 - HTTP Request Smuggling via Transfer-Encoding and Content-Length Header
Feb 08, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-23673
HIGH
Apache Sling Servlets Resolver < 2.11.0 - Path Traversal and Remote Code Execution
Feb 06, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-21733
MEDIUM
Apache Tomcat 8.5.7-8.5.63 and 9.0.0-M11-9.0.43 - Generation of Error Message Containing Sensitive Information
Jan 19, 2024
CVSS 5.3
EPSS 0.14
CVE-2023-50780
HIGH
Apache ActiveMQ Artemis < 2.29.0 - Authenticated Arbitrary File Write and Remote Code Execution via Log4J2 MBean
Oct 14, 2024
CVSS 8.8
EPSS 0.17
CVE-2023-49582
MEDIUM
Apache Portable Runtime 0.9.0-1.7.4 - Unprotected User Data Exposure via Shared Memory Permissions
Aug 26, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-49198
HIGH
Apache SeaTunnel <1.0.1 - Info Disclosure
Aug 21, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-48396
CRITICAL
Apache SeaTunnel <1.0.1 - Auth Bypass
Jul 30, 2024
CVSS 9.1
EPSS 0.01
CVE-2023-38522
HIGH
Apache Traffic Server <8.1.10, <9.2.4 - SSRF
Jul 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-48362
HIGH
Apache Drill 1.19.0-1.21.1 - XML External Entity Injection in XML Format Plugin
Jul 24, 2024
CVSS 8.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters