apache
3,092 tracked vulnerabilities.
CVE-2023-32672
MEDIUM
Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization in SQLLab
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-39264
MEDIUM
Apache Superset <= 2.1.0 - Sensitive Information Exposure via REST API Error Stack Traces
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-36388
MEDIUM
Apache Superset <= 2.1.0 - Authenticated Server-Side Request Forgery via Network Connection Test
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-36387
MEDIUM
Apache Superset <2.1.0 - Info Disclosure
Sep 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-27526
MEDIUM
Apache Superset <= 2.1.0 - Authenticated Incorrect Authorization via Import Charts Feature
Sep 06, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-27523
MEDIUM
Apache Superset <= 2.1.0 - Authenticated Improper Data Authorization in Jinja Templated Queries
Sep 06, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-40743
CRITICAL
Apache Axis 1.x - Server-Side Request Forgery and Remote Code Execution via ServiceFactory.getService
Sep 05, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-41180
MEDIUM
Apache NiFi MiNiFi C++ <0.15 - Certificate Validation
Sep 03, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-40195
HIGH
Apache Airflow Spark Provider < 4.1.3 - Authenticated Remote Code Execution via Malicious Spark Server
Aug 28, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-27604
HIGH
Apache Airflow Sqoop Provider < 4.0.0 - Authenticated Remote Code Execution via Sqoop Import Connection Parameters
Aug 28, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-41080
MEDIUM
Apache Tomcat <11.0.0-M10 - Open Redirect
Aug 25, 2023
CVSS 6.1
EPSS 0.06
CVE-2023-40273
HIGH
Apache Airflow < 2.7.0 - Authenticated Session Fixation via Password Reset
Aug 23, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-39441
MEDIUM
Apache Airflow < 2.7.0 - Improper Certificate Validation
Aug 23, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-37379
HIGH
Apache Airflow < 2.7.0 - Authenticated Denial of Service via Connection Test Feature
Aug 23, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-40037
MEDIUM
Apache NiFi 1.21.0-1.23.0 - Authenticated Connection URL Validation Bypass via Custom Input Formatting
Aug 18, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-40272
HIGH
Apache Airflow Spark Provider < 4.1.3 - Arbitrary File Read via Connection Parameters
Aug 17, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-39553
HIGH
Apache Airflow Drill Provider < 2.4.3 - Unauthenticated Arbitrary File Read via DrillHook Connection Parameters
Aug 11, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-33934
CRITICAL
Apache Traffic Server <9.2.1 - Info Disclosure
Aug 09, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-37581
MEDIUM
Apache Roller < 6.1.2 - Authenticated Cross-Site Scripting in Weblog Category and File Upload Features
Aug 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-39508
HIGH
Apache Airflow < 2.6.0 - Authenticated Privilege Escalation and DAG Access Bypass via Run Task Feature
Aug 05, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-36542
HIGH
Apache NiFi <1.22.0 - Authenticated RCE
Jul 29, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-38647
CRITICAL
Apache Helix < 1.3.0 - Remote Code Execution via SnakeYAML Deserialization
Jul 26, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-38435
MEDIUM
Apache Felix Healthcheck Webconsole Plugin <2.1.0 - XSS
Jul 25, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-37895
CRITICAL
Apache Jackrabbit 1.0.0-2.20.10 and 2.21.0-2.21.17 - Remote Code Execution via RMI Deserialization
Jul 25, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-35088
CRITICAL
Apache InLong 1.4.0-1.7.0 - SQL Injection via toAuditCkSql Method
Jul 25, 2023
CVSS 9.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters