apache
3,092 tracked vulnerabilities.
CVE-2023-48291
MEDIUM
Apache Airflow < 2.8.0 - Authenticated DAG Resource Access Control Bypass
Dec 21, 2023
CVSS 4.3
EPSS 0.02
CVE-2023-47265
MEDIUM
Apache Airflow 2.6.0-2.7.3 - Stored Cross-Site Scripting in DAG Parameter Description Field
Dec 21, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-37544
HIGH
Apache Pulsar WebSocket Proxy 2.8.0-2.11.1, 3.0.0 - DoS via /pingpong
Dec 20, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43826
HIGH
Apache Guacamole <1.5.3 - Memory Corruption
Dec 19, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-49736
MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
Dec 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49734
HIGH
Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership
Dec 19, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-46104
MEDIUM
Apache Superset <= 2.1.2, 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via Malicious ZIP Import
Dec 19, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-48795
MEDIUM
NUCLEI
OpenSSH <9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.93
CVE-2023-41314
HIGH
Apache Doris < 2.0.3 - Unauthenticated Arbitrary File Read and Denial of Service via Snapshot and Log File API
Dec 18, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-49898
HIGH
Apache StreamPark 2.0.0-2.1.1 - Authenticated Remote Code Execution via Maven Compilation Parameters
Dec 15, 2023
CVSS 7.2
EPSS 0.02
CVE-2023-30867
MEDIUM
Apache StreamPark 2.0.0-2.1.1 - SQL Injection via Fuzzy Search Parameter
Dec 15, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-46279
CRITICAL
Apache Dubbo <3.1.5 - Use After Free
Dec 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-29234
CRITICAL
Apache Dubbo <3.1.10, <3.2.4 - Deserialization
Dec 15, 2023
CVSS 9.8
EPSS 0.07
CVE-2023-46750
MEDIUM
Apache Shiro < 1.13.0 - Open Redirect via Form Authentication
Dec 14, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-45725
MEDIUM
Apache CouchDB < 3.3.2 - Exposure of Sensitive Information via Design Document Functions
Dec 13, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-50164
CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
Dec 07, 2023
CVSS 9.8
EPSS 0.81
CVE-2023-41835
HIGH
Struts <2.5.32-6.3.0.1 - Info Disclosure
Dec 05, 2023
CVSS 7.5
EPSS 0.06
CVE-2023-49070
CRITICAL
NUCLEI
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Dec 05, 2023
CVSS 9.8
EPSS 0.95
CVE-2023-49735
HIGH
Apache Tiles >= 2.0 - Path Traversal and Server-Side Request Forgery via DefaultLocaleResolver.LOCALE_KEY
Nov 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-49733
CRITICAL
Apache Cocoon 2.2.0-2.2.9 - XML External Entity Injection
Nov 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-49620
MEDIUM
Apache DolphinScheduler < 3.1.0 - Authenticated Insecure Direct Object Reference in UDF Function Deletion
Nov 30, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42504
MEDIUM
Apache Superset < 3.0.0 - Authenticated Denial of Service via Concurrent Dashboard Export Requests
Nov 28, 2023
CVSS 5.8
EPSS 0.01
CVE-2023-42505
MEDIUM
Apache Superset < 3.0.0 - Authenticated Exposure of Sensitive Database Connection Information
Nov 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42502
MEDIUM
Apache Superset < 3.0.0 - Authenticated Open Redirect via HTTP Host Header Spoofing
Nov 28, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-46589
HIGH
Apache Tomcat <11.0.0-M10 - Request Smuggling
Nov 28, 2023
CVSS 7.5
EPSS 0.03
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters