apache
2,899 tracked vulnerabilities.
CVE-2022-46337
CRITICAL
Apache Derby 10.1.1.0-10.14.3.0 - LDAP Authentication Bypass via Username Injection
Nov 20, 2023
CVSS 9.8
EPSS 0.00
CVE-2022-44730
MEDIUM
Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
Aug 22, 2023
CVSS 4.4
EPSS 0.01
CVE-2022-44729
HIGH
Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
Aug 22, 2023
CVSS 7.1
EPSS 0.00
CVE-2022-46751
HIGH
Apache Ivy < 2.5.2 - XML External Entity Injection via DTD Processing
Aug 21, 2023
CVSS 8.2
EPSS 0.00
CVE-2022-47185
HIGH
Apache Traffic Server <9.2.1 - Info Disclosure
Aug 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-46651
MEDIUM
Apache Airflow <2.6.3 - Info Disclosure
Jul 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-45855
HIGH
Apache Ambari 2.7.0-2.7.6 - Authenticated Remote Code Execution via SpringEL Injection
Jul 12, 2023
CVSS 8.0
EPSS 0.00
CVE-2022-42009
HIGH
Apache Ambari 2.7.0-2.7.6 - Authenticated Remote Code Execution via SpringEL Injection
Jul 12, 2023
CVSS 8.0
EPSS 0.00
CVE-2022-47184
HIGH
Apache Traffic Server <9.2.0 - Info Disclosure
Jun 14, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-46907
MEDIUM
Apache JSPWiki < 2.12.0 - Cross-Site Scripting via Crafted Plugin Request
May 25, 2023
CVSS 6.1
EPSS 0.03
CVE-2022-47937
CRITICAL
Apache Sling Commons JSON < 2.0.20 - Denial of Service via Crafted Input
May 15, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-45048
HIGH
Apache Ranger 2.3.0 - Authenticated Remote Code Execution via Policy Expression Injection
May 05, 2023
CVSS 8.4
EPSS 0.00
CVE-2022-46365
CRITICAL
Apache StreamPark <2.0.0 - Auth Bypass
May 01, 2023
CVSS 9.1
EPSS 0.00
CVE-2022-45802
CRITICAL
Apache StreamPark < 2.0.0 - Unauthenticated Unrestricted Upload of File with Dangerous Type
May 01, 2023
CVSS 9.8
EPSS 0.00
CVE-2022-45801
MEDIUM
Apache StreamPark 1.0.0-2.0.0 - LDAP Injection
May 01, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-47501
HIGH
NUCLEI
Apache OFBiz < 18.12.07 - Unauthenticated Arbitrary File Read via Solr Plugin
Apr 14, 2023
CVSS 7.5
EPSS 0.86
CVE-2022-45064
HIGH
Apache Sling Engine < 2.14.0 - Cross-Site Scripting via RequestDispatcher Include
Apr 13, 2023
CVSS 8.0
EPSS 0.05
CVE-2022-47502
HIGH
Apache OpenOffice < 4.1.13 - Arbitrary Script Execution via Macro Link URI Scheme
Mar 24, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-38745
HIGH
Apache OpenOffice <4.1.14 - Code Injection
Mar 24, 2023
CVSS 7.8
EPSS 0.00
CVE-2022-42735
HIGH
Apache ShenYu 2.5.0 - Privilege Escalation via User Creation
Feb 15, 2023
CVSS 8.8
EPSS 0.00
CVE-2022-45786
HIGH
Apache AGE < 1.1.0 - SQL Injection via Cypher Function Parameterization Bypass
Feb 04, 2023
CVSS 8.1
EPSS 0.01
CVE-2022-28331
CRITICAL
Apache Portable Runtime <1.7.0 - Buffer Overflow
Jan 31, 2023
CVSS 9.8
EPSS 0.00
CVE-2022-25147
MEDIUM
Apache Portable Runtime Utility < 1.6.1 - Integer Overflow in apr_base64 Functions
Jan 31, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-24963
CRITICAL
Apache Portable Runtime 1.7.0 - Integer Overflow or Wraparound in apr_encode Functions
Jan 31, 2023
CVSS 9.8
EPSS 0.00
CVE-2022-44645
HIGH
Apache Linkis <= 1.3.0 - Remote Code Execution via MySQL Connector/J Deserialization
Jan 31, 2023
CVSS 8.8
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20
Quick Filters