apache
2,902 tracked vulnerabilities.
CVE-2022-37866
HIGH
Apache Ivy 2.0.0-2.5.1 - Path Traversal via Artifact Coordinate Placeholders
Nov 07, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-42920
CRITICAL
Apache Commons BCEL < 6.6.0 - Arbitrary Bytecode Generation via Out-of-bounds Write
Nov 07, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-37865
CRITICAL
Apache Ivy 2.4.0-2.5.0 - Path Traversal and Arbitrary File Write via Archive Extraction
Nov 07, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-33684
HIGH
Apache Pulsar C++ Client - Man-in-the-Middle
Nov 04, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-32287
HIGH
Apache UIMA < 3.3.0 - Path Traversal via ZIP Entry in PEAR File
Nov 03, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-43670
MEDIUM
Sling App CMS < 1.1.0 - Authenticated Reflected Cross-Site Scripting in Taxonomy Management
Nov 02, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-43985
MEDIUM
Apache Airflow <2.4.2 - Open Redirect
Nov 02, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-43982
MEDIUM
Apache Airflow < 2.4.2 - Stored Cross-Site Scripting via Trigger DAG Origin Query Argument
Nov 02, 2022
CVSS 6.1
EPSS 0.03
CVE-2022-34662
MEDIUM
Apache DolphinScheduler < 3.0.0 - Authenticated Path Traversal via Resource Center
Nov 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-31777
MEDIUM
Apache Spark < 3.2.2 - Stored Cross-Site Scripting via Log Rendering
Nov 01, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-42252
HIGH
Apache Tomcat 8.5.0-8.5.82, 9.0.0-M1-9.0.67, 10.0.0-M1-10.0.26, 10.1.0-M1-10.1.0 - HTTP Request Smuggling
Nov 01, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-26884
MEDIUM
Apache DolphinScheduler <2.0.6 - Info Disclosure
Oct 28, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-43766
HIGH
Apache IoTDB <0.12.7, >0.13.2 - DoS
Oct 26, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-42468
CRITICAL
Apache Flume 1.4.0-1.10.1 - Remote Code Execution via JMS Source ProviderURL
Oct 26, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-39944
HIGH
Apache Linkis <=1.2.0 - Remote Code Execution via MySQL JDBC URL Deserialization
Oct 26, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-42890
HIGH
Apache Batik < 1.16 - Remote Code Execution via Untrusted SVG JavaScript
Oct 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-41704
HIGH
Apache XML Graphics <1.16 - Code Injection
Oct 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-34870
MEDIUM
Apache Geode < 1.15.0 - Cross-Site Scripting via Pulse Region Entry View
Oct 25, 2022
CVSS 5.4
EPSS 0.03
CVE-2022-42467
MEDIUM
Apache Isis < 2.0.0 - Insecure Default Configuration in Prototype Mode
Oct 19, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-42466
MEDIUM
Apache Isis < 2.0.0-M9 - Stored Cross-Site Scripting via Editable String Property
Oct 19, 2022
CVSS 6.1
EPSS 0.22
CVE-2022-39198
CRITICAL
Apache Dubbo < 2.7.17, 3.0.x <= 3.0.11, 3.1.x <= 3.1.0 - Remote Code Execution via Hessian-Lite Deserialization
Oct 18, 2022
CVSS 9.8
EPSS 0.10
CVE-2022-42889
CRITICAL
NUCLEI
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
Oct 13, 2022
CVSS 9.8
EPSS 0.94
CVE-2022-24697
CRITICAL
Kylin <2.6.5, <3.1.2, <4.0.1 - Command Injection
Oct 13, 2022
CVSS 9.8
EPSS 0.14
CVE-2022-40664
CRITICAL
Apache Shiro < 1.10.0 - Authentication Bypass via RequestDispatcher
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-41672
HIGH
Apache Airflow <2.4.1 - Privilege Escalation
Oct 07, 2022
CVSS 8.1
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20