Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / apache

apache

2,902 tracked vulnerabilities.

CVE-2022-25370 MEDIUM

Apache OFBiz < 18.12.06 - Unauthenticated Stored Cross-Site Scripting via Birt Plugin

CVE-2022-37435 HIGH

Apache ShenYu 2.4.2-2.4.3 - Authenticated Privilege Escalation via Password Modification

CVE-2022-37023 MEDIUM

Apache Geode < 1.15.0 - Deserialization of Untrusted Data via REST API

CVE-2022-37022 HIGH

Apache Geode < 1.12.2 and 1.13.2 - Deserialization of Untrusted Data via JMX over RMI

CVE-2022-37021 CRITICAL

Apache Geode <= 1.12.5, 1.13.4, 1.14.0 - Deserialization of Untrusted Data via JMX over RMI

CVE-2022-22728 HIGH

Apache libapreq2 <= 2.16 - Denial of Service via Multipart Form Upload Buffer Overflow

CVE-2022-35278 MEDIUM

Apache ActiveMQ Artemis < 2.24.0 - Cross-Site Scripting via Address or Queue Name

CVE-2022-34916 CRITICAL

Apache Flume 1.4.0-1.10.0 - Remote Code Execution via JMS Source JNDI LDAP URI

CVE-2022-38362 HIGH

Apache Airflow Docker <3.0.0 - Authenticated RCE

CVE-2022-37401 HIGH

Apache OpenOffice <4.1.13 - Info Disclosure

CVE-2022-37400 HIGH

Apache OpenOffice <4.1.13 - Info Disclosure

CVE-2022-31780 HIGH

Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Frame Handling

CVE-2022-31779 HIGH

Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Header Parsing

CVE-2022-31778 HIGH

Apache Traffic Server 8.0.0-9.0.2 - Cache Poisoning via Transfer-Encoding Header

CVE-2022-28129 HIGH

Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in HTTP/1.1 Header Parsing

CVE-2022-25763 HIGH

Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Request Validation

CVE-2022-36125 HIGH

Apache Avro Rust SDK <0.14.0 - Memory Corruption

CVE-2022-36124 HIGH

Apache Avro Rust SDK <0.14.0 - Memory Corruption

CVE-2022-35724 HIGH

Apache Avro < 0.14.0 - Denial of Service via Infinite Loop in Data Reader

CVE-2022-25168 CRITICAL

Apache Hadoop 2.0.0-2.10.1 and 2.10.2-3.3.3 - OS Command Injection via FileUtil.unTar

CVE-2022-34158 HIGH

Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via Image Plugin

CVE-2022-28732 MEDIUM

Apache JSPWiki < 2.11.3 - Cross-Site Scripting via WeblogPlugin

CVE-2022-28731 MEDIUM

Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via UserPreferences.jsp

CVE-2022-28730 MEDIUM

Apache JSPWiki < 2.11.3 - Cross-Site Scripting via Denounce Plugin

CVE-2022-27166 MEDIUM

Apache JSPWiki <= 2.11.2 - Cross-Site Scripting via XHRHtml2Markup.jsp

Previous Page 43 of 117 Next

Products

http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy