apache

3,092 tracked vulnerabilities.

CVE-2023-48291 MEDIUM
Apache Airflow < 2.8.0 - Authenticated DAG Resource Access Control Bypass
Dec 21, 2023
CVSS 4.3
EPSS 0.02
CVE-2023-47265 MEDIUM
Apache Airflow 2.6.0-2.7.3 - Stored Cross-Site Scripting in DAG Parameter Description Field
Dec 21, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-37544 HIGH
Apache Pulsar WebSocket Proxy 2.8.0-2.11.1, 3.0.0 - DoS via /pingpong
Dec 20, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43826 HIGH
Apache Guacamole <1.5.3 - Memory Corruption
Dec 19, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-49736 MEDIUM
Apache Superset < 2.1.2, 3.0.0-3.0.1 - SQL Injection via JINJA where_in Macro
Dec 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49734 HIGH
Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership
Dec 19, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-46104 MEDIUM
Apache Superset <= 2.1.2, 3.0.0-3.0.1 - Authenticated Uncontrolled Resource Consumption via Malicious ZIP Import
Dec 19, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-48795 MEDIUM NUCLEI
OpenSSH <9.6 - Open Redirect
Dec 18, 2023
CVSS 5.9
EPSS 0.93
CVE-2023-41314 HIGH
Apache Doris < 2.0.3 - Unauthenticated Arbitrary File Read and Denial of Service via Snapshot and Log File API
Dec 18, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-49898 HIGH
Apache StreamPark 2.0.0-2.1.1 - Authenticated Remote Code Execution via Maven Compilation Parameters
Dec 15, 2023
CVSS 7.2
EPSS 0.02
CVE-2023-30867 MEDIUM
Apache StreamPark 2.0.0-2.1.1 - SQL Injection via Fuzzy Search Parameter
Dec 15, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-46279 CRITICAL
Apache Dubbo <3.1.5 - Use After Free
Dec 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-29234 CRITICAL
Apache Dubbo <3.1.10, <3.2.4 - Deserialization
Dec 15, 2023
CVSS 9.8
EPSS 0.07
CVE-2023-46750 MEDIUM
Apache Shiro < 1.13.0 - Open Redirect via Form Authentication
Dec 14, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-45725 MEDIUM
Apache CouchDB < 3.3.2 - Exposure of Sensitive Information via Design Document Functions
Dec 13, 2023
CVSS 5.7
EPSS 0.01
CVE-2023-50164 CRITICAL
Apache Struts 2.0.0-2.5.32 - Path Traversal and Remote Code Execution via File Upload
Dec 07, 2023
CVSS 9.8
EPSS 0.81
CVE-2023-41835 HIGH
Struts <2.5.32-6.3.0.1 - Info Disclosure
Dec 05, 2023
CVSS 7.5
EPSS 0.06
CVE-2023-49070 CRITICAL NUCLEI
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Dec 05, 2023
CVSS 9.8
EPSS 0.95
CVE-2023-49735 HIGH
Apache Tiles >= 2.0 - Path Traversal and Server-Side Request Forgery via DefaultLocaleResolver.LOCALE_KEY
Nov 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-49733 CRITICAL
Apache Cocoon 2.2.0-2.2.9 - XML External Entity Injection
Nov 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-49620 MEDIUM
Apache DolphinScheduler < 3.1.0 - Authenticated Insecure Direct Object Reference in UDF Function Deletion
Nov 30, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42504 MEDIUM
Apache Superset < 3.0.0 - Authenticated Denial of Service via Concurrent Dashboard Export Requests
Nov 28, 2023
CVSS 5.8
EPSS 0.01
CVE-2023-42505 MEDIUM
Apache Superset < 3.0.0 - Authenticated Exposure of Sensitive Database Connection Information
Nov 28, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42502 MEDIUM
Apache Superset < 3.0.0 - Authenticated Open Redirect via HTTP Host Header Spoofing
Nov 28, 2023
CVSS 4.8
EPSS 0.01
CVE-2023-46589 HIGH
Apache Tomcat <11.0.0-M10 - Request Smuggling
Nov 28, 2023
CVSS 7.5
EPSS 0.03