apache
3,092 tracked vulnerabilities.
CVE-2023-52291
MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Command Execution via Maven Build Args
Jul 17, 2024
CVSS 4.7
EPSS 0.02
CVE-2023-52290
HIGH
Apache StreamPark 2.0.0-2.1.3 - Authenticated SQL Injection via Sort Field
Jul 16, 2024
CVSS 8.1
EPSS 0.01
CVE-2023-49566
HIGH
Apache Linkis <=1.5.0 - Authenticated JNDI Injection via DB2 DataSource Parameters
Jul 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-46801
HIGH
Apache Linkis <=1.5.0 - Authenticated RCE
Jul 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-41916
MEDIUM
Apache Linkis <1.4.0 - Info Disclosure
Jul 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-35701
MEDIUM
Apache Hive 4.0.0-alpha-1 - Remote Code Execution via Malicious JDBC URL
May 03, 2024
CVSS 6.6
EPSS 0.01
CVE-2023-38709
HIGH
Apache HTTP Server <= 2.4.58 - HTTP Response Splitting via Faulty Input Validation
Apr 04, 2024
CVSS 7.3
EPSS 0.04
CVE-2023-41313
CRITICAL
Apache Doris <2.0.0 - Info Disclosure
Mar 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-50740
MEDIUM
Apache Linkis <=1.4.0 - Sensitive Information Disclosure in Oracle Data Source Logs
Mar 06, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-50378
MEDIUM
Apache Ambari < 2.7.8 - Stored Cross-Site Scripting
Mar 01, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-50380
MEDIUM
Apache Ambari <= 2.7.7 - XML External Entity Injection
Feb 27, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-51747
HIGH
Apache James <3.8.1-3.7.5 - SMTP Smuggling
Feb 27, 2024
CVSS 7.1
EPSS 0.01
CVE-2023-51518
CRITICAL
Apache James <3.7.5, 3.8.0 - Privilege Escalation
Feb 27, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-50379
HIGH
Apache Ambari < 2.7.8 - Authenticated Code Injection
Feb 27, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-51653
CRITICAL
Hertzbeat <1.4.1 - Command Injection
Feb 22, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-51389
CRITICAL
Hertzbeat < 1.4.1 - Deserialization of Untrusted Data via SnakeYAML Parser
Feb 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51388
CRITICAL
Hertzbeat < 1.4.1 - AviatorScript Injection via Unrestricted AviatorEvaluator
Feb 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51770
HIGH
Apache DolphinScheduler <3.2.1 - Info Disclosure
Feb 20, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-50270
MEDIUM
Apache DolphinScheduler 1.3.8-3.2.0 - Insufficient Session Expiration
Feb 20, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49250
HIGH
Apache DolphinScheduler <3.2.0 - SSRF
Feb 20, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-49109
CRITICAL
Apache DolphinScheduler <3.2.1 - RCE
Feb 20, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-50386
HIGH
Apache Solr Backup/Restore APIs RCE
Feb 09, 2024
CVSS 8.8
EPSS 0.84
CVE-2023-50298
HIGH
Apache Solr 6.0.0-8.11.2, 9.0.0-9.4.0 - Exposure of Sensitive Information via Streaming Expression zkHost Parameter
Feb 09, 2024
CVSS 7.5
EPSS 0.02
CVE-2023-50292
HIGH
Apache Solr 8.10.0-8.11.2, 9.0.0-9.2.9 - Unauthenticated Remote Code Execution via Schema Designer ConfigSet
Feb 09, 2024
CVSS 7.5
EPSS 0.03
CVE-2023-50291
HIGH
Apache Solr 6.0.0-8.11.2 and 9.0.0-9.2.9 - Authenticated Credential Exposure via /admin/info/properties Endpoint
Feb 09, 2024
CVSS 7.5
EPSS 0.03
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters