apache
2,899 tracked vulnerabilities.
CVE-2023-24831
CRITICAL
Apache IoTDB Grafana Connector 0.13.0-0.13.3 - Unauthenticated Authentication Bypass
Apr 17, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-30465
MEDIUM
Apache InLong 1.4.0-1.5.0 - SQL Injection via orderType Parameter
Apr 11, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-29216
CRITICAL
Apache Linkis <=1.3.1 - Deserialization
Apr 10, 2023
CVSS 9.8
EPSS 0.05
CVE-2023-29215
CRITICAL
Apache Linkis <=1.3.1 - Code Injection
Apr 10, 2023
CVSS 9.8
EPSS 0.05
CVE-2023-27987
CRITICAL
Apache Linkis <=1.3.1 - Inadequate Encryption Strength in Default Token Generation
Apr 10, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-27603
CRITICAL
Apache Linkis <=1.3.1 - Path Traversal via Zip Slip in EngineConn Material Upload
Apr 10, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-27602
CRITICAL
Apache Linkis <=1.3.1 - Unrestricted File Upload in PublicService Module
Apr 10, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-28710
HIGH
Apache Airflow Spark Provider <4.0.1 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-28707
HIGH
Apache Airflow Drill Provider <2.3.2 - Info Disclosure
Apr 07, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-28706
CRITICAL
Apache Airflow Hive Provider <6.0.0 - Code Injection
Apr 07, 2023
CVSS 9.8
EPSS 0.09
CVE-2023-26269
HIGH
Apache James <3.7.3 - Privilege Escalation
Apr 03, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-28935
HIGH
Apache UIMA DUCC - Command Injection
Mar 30, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-28158
MEDIUM
Apache Archiva 2.0-2.2.9 - Authenticated Stored Cross-Site Scripting via Directory Name Injection
Mar 29, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-28326
CRITICAL
Apache OpenMeetings 2.0.0-7.0.0 - Unauthenticated Privilege Escalation
Mar 28, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-25197
MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
Mar 28, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-25196
MEDIUM
Apache Fineract 1.4.0-1.8.2 - Authenticated SQL Injection
Mar 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-25195
HIGH
Apache Fineract 1.4.0-1.8.3 - Authenticated Server-Side Request Forgery
Mar 28, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-27296
HIGH
Apache InLong <1.5.0 - Deserialization
Mar 27, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-28708
MEDIUM
Apache Tomcat <11.0.0-M2 - Info Disclosure
Mar 22, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-26513
HIGH
Apache Sling Resource Merger <1.4.2 - Info Disclosure
Mar 20, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-25695
MEDIUM
Apache Airflow < 2.5.2 - Sensitive Information Exposure via Error Message
Mar 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-26464
HIGH
Apache Log4j < 2.0 - Denial of Service via Chainsaw or SocketAppender Deserialization
Mar 10, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-23638
MEDIUM
Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization
Mar 08, 2023
CVSS 5.0
EPSS 0.50
CVE-2023-27522
HIGH
Apache HTTP Server 2.4.30-2.4.55 - HTTP Response Smuggling via mod_proxy_uwsgi Origin Response Header
Mar 07, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25690
CRITICAL
Apache HTTP Server 2.4.0-2.4.55 - HTTP Request Smuggling via mod_proxy RewriteRule
Mar 07, 2023
CVSS 9.8
EPSS 0.67
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20