apache
3,092 tracked vulnerabilities.
CVE-2023-41752
HIGH
Apache Traffic Server 8.0.0-8.1.8 9.0.0-9.2.2 - Exposure of Sensitive Information
Oct 17, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-39456
HIGH
Apache Traffic Server 9.0.0-9.2.2 - Improper Input Validation via Malformed HTTP/2 Frames
Oct 17, 2023
CVSS 7.5
EPSS 0.53
CVE-2023-45757
MEDIUM
Apache bRPC <= 1.6.0 - Cross-Site Scripting in rpcz Page
Oct 16, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-43668
CRITICAL
Apache InLong 1.4.0-1.8.0 - Authorization Bypass via Sensitive Parameter Check Bypass
Oct 16, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-43667
HIGH
Apache InLong <1.9.0 - Info Disclosure
Oct 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-43666
MEDIUM
Apache InLong <1.9.0 - Info Disclosure
Oct 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-45348
MEDIUM
Apache Airflow 2.7.0-2.7.1 - Authenticated Exposure of Sensitive Configuration Information
Oct 14, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-42792
MEDIUM
Apache Airflow < 2.7.2 - Authenticated DAG Resource Access Control Bypass
Oct 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42780
MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Information via DAG Warning List
Oct 14, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42663
MEDIUM
Apache Airflow < 2.7.2 - Authenticated Exposure of Sensitive Task Instance Information
Oct 14, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-44981
CRITICAL
Apache ZooKeeper < 3.7.2 - Authorization Bypass via Missing SASL Instance Part
Oct 11, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-37536
HIGH
Xerces-C++ 3.2.3 - Integer Overflow via HTTP Request
Oct 11, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-45648
MEDIUM
NUCLEI
Apache Tomcat 8.5.0-8.5.93, 9.0.0-M1-9.0.81, 10.1.0-M1-10.1.13, 11.0.0-M1-M11 HTTP Request Smuggling
Oct 10, 2023
CVSS 5.3
EPSS 0.06
CVE-2023-42795
MEDIUM
Apache Tomcat 8.5.0-8.5.93, 9.0.0-M1-9.0.80, 10.1.0-M1-10.1.13, 11.0.0-M1-M11 Info Disclosure
Oct 10, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-42794
MEDIUM
Apache Tomcat 8.5.85-8.5.93 and 9.0.70-9.0.80 - Denial of Service via Unclosed File Stream
Oct 10, 2023
CVSS 5.9
EPSS 0.02
CVE-2023-44487
HIGH
KEV
HTTP/2 - Denial of Service via Rapid Stream Reset
Oct 10, 2023
CVSS 7.5
EPSS 1.00
CVE-2023-39410
HIGH
Apache Avro <= 1.11.2 - Denial of Service via Memory Exhaustion in Data Deserialization
Sep 29, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-41834
MEDIUM
Apache Flink Stateful Functions 3.1.0-3.2.0 - HTTP Response Splitting via CRLF Injection
Sep 19, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-42503
MEDIUM
Apache Commons Compress 1.22-1.23.0 - Denial of Service via Malformed TAR File Modification Time Headers
Sep 14, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-41267
HIGH
Apache Airflow HDFS Provider <4.1.1 - Info Disclosure
Sep 14, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-41081
HIGH
Apache Tomcat Connectors - Auth Bypass
Sep 13, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-40712
MEDIUM
Apache Airflow <2.7.1 - Info Disclosure
Sep 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-40611
MEDIUM
Apache Airflow <2.7.1 - Privilege Escalation
Sep 12, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-39265
LOW
Apache Superset <= 2.1.0 - SQLite Database Connection Manipulation via Alternative Driver Names
Sep 06, 2023
CVSS 3.8
EPSS 0.84
CVE-2023-37941
MEDIUM
Apache Superset 1.5.0-2.1.0 - Remote Code Execution via Metadata Database Deserialization
Sep 06, 2023
CVSS 6.6
EPSS 0.29
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters