apache
2,902 tracked vulnerabilities.
CVE-2022-37392
MEDIUM
Apache Traffic Server 8.0.0-9.1.2 - Improper Check for Unusual or Exceptional Conditions
Dec 19, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-32749
HIGH
Apache Traffic Server 8.0.0-9.1.3 - Denial of Service via Request Handling
Dec 19, 2022
CVSS 7.5
EPSS 0.07
CVE-2022-46870
MEDIUM
Apache Zeppelin < 0.8.2 - Authenticated Stored Cross-Site Scripting
Dec 16, 2022
CVSS 5.4
EPSS 0.06
CVE-2022-32531
MEDIUM
Apache Bookkeeper < 4.14.6 - Improper Certificate Validation
Dec 15, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-34271
HIGH
Apache Atlas 0.8.4-2.2.0 - Authenticated Path Traversal and Arbitrary File Write
Dec 14, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-46364
CRITICAL
Apache CXF < 3.4.10 - Server-Side Request Forgery via MTOM XOP:Include href Attribute
Dec 13, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-46363
HIGH
Apache CXF <3.5.5-3.4.10 - Info Disclosure
Dec 13, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-45910
MEDIUM
Apache ManifoldCF < 2.23 - LDAP Injection in ActiveDirectory and Sharepoint Authority Connectors
Dec 07, 2022
CVSS 5.3
EPSS 0.04
CVE-2022-46366
CRITICAL
Apache Tapestry 3.x - Remote Code Execution via Untrusted Data Deserialization
Dec 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-44635
HIGH
Apache Fineract < 1.8.1 - Authenticated Remote Code Execution via Path Traversal in File Upload
Nov 29, 2022
CVSS 8.8
EPSS 0.13
CVE-2022-26885
HIGH
Apache DolphinScheduler < 2.0.6 - Information Disclosure
Nov 24, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45462
CRITICAL
Apache DolphinScheduler < 2.0.6 - Authenticated Command Injection in Alarm Instance Management
Nov 23, 2022
CVSS 9.8
EPSS 0.21
CVE-2022-41131
HIGH
Apache Airflow <4.1.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 7.8
EPSS 0.01
CVE-2022-40954
MEDIUM
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-40189
CRITICAL
Apache Airflow < 2.3.0 - OS Command Injection via Pig Provider
Nov 22, 2022
CVSS 9.8
EPSS 0.16
CVE-2022-38649
CRITICAL
Apache Airflow <4.0.0, <2.3.0 - Command Injection
Nov 22, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-45470
HIGH
Apache Hama < 1.7.1 - Path Traversal and Cross-Site Scripting
Nov 21, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-45047
CRITICAL
Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider
Nov 16, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-40309
MEDIUM
Apache Archiva <= 2.2.9 - Arbitrary Directory Deletion
Nov 15, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-40308
HIGH
Apache Archiva < 2.2.9 - Unauthenticated Database File Exposure
Nov 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45402
MEDIUM
Apache Airflow < 2.4.3 - Open Redirect via Login Endpoint
Nov 15, 2022
CVSS 6.1
EPSS 0.05
CVE-2022-45136
CRITICAL
Apache Jena SDB < 3.17.0 - Remote Code Execution via JDBC Deserialization
Nov 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-45378
CRITICAL
Apache SOAP < 2.3 - Unauthenticated Remote Code Execution via RPCRouterServlet
Nov 14, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-40127
HIGH
NUCLEI
Apache Airflow < 2.4.0 - Authenticated Remote Code Execution via Run ID Parameter
Nov 14, 2022
CVSS 8.8
EPSS 0.93
CVE-2022-27949
HIGH
Apache Airflow < 2.3.1 - Unauthenticated Exposure of Sensitive Information in Task Template Rendering
Nov 14, 2022
CVSS 7.5
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20