apache
2,902 tracked vulnerabilities.
CVE-2022-40160
MEDIUM
Apache Commons Jxpath < 1.3 - Out-of-Bounds Write
Oct 06, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-40159
MEDIUM
Apache Commons Jxpath < 1.3 - Out-of-Bounds Write
Oct 06, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-33683
MEDIUM
Apache Pulsar <=2.6.4, 2.7.0-2.7.4, 2.8.0-2.8.3, 2.9.0-2.9.2, 2.10.0 - Improper Certificate Validation
Sep 23, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-33682
MEDIUM
Apache Pulsar 2.6.4 and earlier, 2.7.0-2.7.4, 2.8.0-2.8.3, 2.9.0-2.9.2, 2.10.0 - Improper Certificate Validation
Sep 23, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-33681
MEDIUM
Pulsar Java Client/Pulsar Proxy - Info Disclosure
Sep 23, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-24280
MEDIUM
Apache Pulsar Proxy <=2.9.1 Authenticated TCP/IP Connection Spoofing
Sep 23, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-26112
CRITICAL
Apache Pinot <0.10.0 - Buffer Overflow
Sep 23, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-40146
HIGH
Apache Batik 1.14 - Server-Side Request Forgery via Jar URL
Sep 22, 2022
CVSS 7.5
EPSS 0.48
CVE-2022-38648
MEDIUM
Apache XML Graphics Batik 1.14 - SSRF
Sep 22, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-38398
MEDIUM
Apache XML Graphics Batik <1.14 - SSRF
Sep 22, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-40705
HIGH
Apache SOAP >= 2.2 - XML External Entity Injection in RPCRouterServlet
Sep 22, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-40754
MEDIUM
Apache Airflow 2.3.0-2.3.4 - Open Redirect via Confirm Endpoint
Sep 21, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-40604
HIGH
Apache Airflow 2.3.0-2.3.4 - Information Exposure via URL Format String
Sep 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-40955
HIGH
Apache InLong <1.3.0 - Deserialization
Sep 20, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-34917
HIGH
Apache Kafka 2.8.0-2.8.1 - Unauthenticated Denial of Service via Memory Allocation
Sep 20, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-39135
CRITICAL
Apache Calcite 1.22.0-1.31.0 - XML External Entity Injection via SQL Operators
Sep 11, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-28220
HIGH
Apache James < 3.6.3 and 3.7.1 - Command Injection via STARTTLS Buffering Attack
Sep 08, 2022
CVSS 7.5
EPSS 0.09
CVE-2022-38370
HIGH
Apache IoTDB grafana-connector <0.13.1 - Info Disclosure
Sep 05, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38369
HIGH
Apache IoTDB 0.13.0 - Session Fixation
Sep 05, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-38170
MEDIUM
Apache Airflow <2.3.4 - Info Disclosure
Sep 02, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-38054
CRITICAL
Apache Airflow <2.3.3 - Info Disclosure
Sep 02, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-29158
HIGH
Apache OFBiz < 18.12.06 - Unauthenticated Regular Expression Denial of Service
Sep 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-29063
CRITICAL
Apache OFBiz < 18.12.06 - Remote Code Execution via Solr Plugin RMI Request
Sep 02, 2022
CVSS 9.8
EPSS 0.21
CVE-2022-25813
HIGH
Apache OFBiz < 18.12.06 - Server-Side Template Injection via Ecommerce Contact Us Subject Field
Sep 02, 2022
CVSS 7.5
EPSS 0.54
CVE-2022-25371
CRITICAL
Apache OFBiz < 18.12.06 - Remote Code Execution via Birt Plugin
Sep 02, 2022
CVSS 9.8
EPSS 0.02
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20