apache
2,899 tracked vulnerabilities.
CVE-2022-44644
MEDIUM
Apache Linkis <= 1.3.0 - Authenticated Arbitrary File Read via MySQL Connector/J JDBC Parameter
Jan 31, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-37436
MEDIUM
Apache HTTP Server < 2.4.55 - HTTP Response Header Injection via CRLF Sequence
Jan 17, 2023
CVSS 5.3
EPSS 0.01
CVE-2022-36760
CRITICAL
Apache HTTP Server 2.4.0-2.4.54 - HTTP Request Smuggling via mod_proxy_ajp
Jan 17, 2023
CVSS 9.0
EPSS 0.00
CVE-2022-45438
MEDIUM
Apache Superset <=1.5.2 and 2.0.0 - Unauthenticated Exposure of Dashboard Metadata via REST API
Jan 16, 2023
CVSS 5.3
EPSS 0.03
CVE-2022-43721
MEDIUM
Apache Superset <2.0.0 - Open Redirect
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43720
MEDIUM
Apache Superset < 1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting via Toast Message
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43719
HIGH
Apache Superset < 1.5.2 and 2.0.0 - Cross-Site Request Forgery
Jan 16, 2023
CVSS 8.8
EPSS 0.02
CVE-2022-43718
MEDIUM
Apache Superset <=1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting in Upload Data Forms
Jan 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-43717
MEDIUM
Apache Superset < 1.5.2 and 2.0.0 - Authenticated Stored Cross-Site Scripting in Dashboard Markdown Components
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-41703
MEDIUM
Apache Superset <2.0.0 - SQL Injection
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-46769
MEDIUM
Apache Sling CMS < 1.1.4 - Authenticated Reflected Cross-Site Scripting in Site Group Feature
Jan 09, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-45935
MEDIUM
Apache James < 3.7.2 - Unprotected User Data Exposure via Temporary Files
Jan 06, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-45787
MEDIUM
Apache James < 0.8.9 - Cleartext Storage of Sensitive Information via Temporary File Permissions
Jan 06, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-45875
CRITICAL
Apache DolphinScheduler < 3.0.2 - Authenticated Remote Code Execution via Script Alert Plugin
Jan 04, 2023
CVSS 9.8
EPSS 0.02
CVE-2022-45143
HIGH
Apache Tomcat <10.1.1 - Info Disclosure
Jan 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-44621
CRITICAL
Apache Kylin < 4.0.3 - Command Injection via Diagnosis Controller
Dec 30, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-43396
HIGH
Blacklist Bypass - Command Injection
Dec 30, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-45347
CRITICAL
Apache ShardingSphere-Proxy <5.3.0 - Command Injection
Dec 22, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-40145
CRITICAL
Apache Karaf < 4.3.8 - Remote Code Execution via JNDI LDAP Data Source URI
Dec 21, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-46421
CRITICAL
Apache Airflow Hive Provider <5.0.0 - Command Injection
Dec 20, 2022
CVSS 9.8
EPSS 0.31
CVE-2022-40743
MEDIUM
Apache Traffic Server 9.0.0-9.1.3 - Cross-Site Scripting and Cache Poisoning via xdebug Plugin
Dec 19, 2022
CVSS 6.1
EPSS 0.08
CVE-2022-47500
MEDIUM
Apache Helix 0.8.0-1.0.4 - Open Redirect in UI Component
Dec 19, 2022
CVSS 6.1
EPSS 0.03
CVE-2022-37392
MEDIUM
Apache Traffic Server 8.0.0-9.1.2 - Improper Check for Unusual or Exceptional Conditions
Dec 19, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-32749
HIGH
Apache Traffic Server 8.0.0-9.1.3 - Denial of Service via Request Handling
Dec 19, 2022
CVSS 7.5
EPSS 0.07
CVE-2022-46870
MEDIUM
Apache Zeppelin < 0.8.2 - Authenticated Stored Cross-Site Scripting
Dec 16, 2022
CVSS 5.4
EPSS 0.13
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
nifi 46
solr 46
cloudstack 45
cxf 43
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20