apache
2,902 tracked vulnerabilities.
CVE-2022-36364
HIGH
Apache Calcite Avatica JDBC driver - RCE
Jul 28, 2022
CVSS 8.8
EPSS 0.12
CVE-2022-24294
HIGH
Apache MXNet < 1.9.1 - Denial of Service via Crafted Operator Name
Jul 24, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-34169
HIGH
Apache Xalan <2.7.3 - Code Injection
Jul 19, 2022
CVSS 7.5
EPSS 0.11
CVE-2022-35741
CRITICAL
Apache CloudStack >=4.5.0 - XXE Injection
Jul 18, 2022
CVSS 9.8
EPSS 0.34
CVE-2022-36127
HIGH
Apache SkyWalking NodeJS Agent <0.5.1 - DoS
Jul 18, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-33891
HIGH
KEV NUCLEI
Apache Spark UI - Privilege Escalation
Jul 18, 2022
CVSS 8.8
EPSS 0.94
CVE-2022-31781
HIGH
Apache Tapestry < 5.8.2 - Regular Expression Denial of Service in ContentType Class
Jul 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-28889
MEDIUM
Apache Druid < 0.23.0 - Clickjacking via Missing Content-Security-Policy Header
Jul 07, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-33980
CRITICAL
Apache Commons Configuration <2.8 - RCE
Jul 06, 2022
CVSS 9.8
EPSS 0.87
CVE-2022-32533
CRITICAL
Apache Jetspeed - Cross-Site Scripting via Untrusted User Input
Jul 06, 2022
CVSS 9.8
EPSS 0.11
CVE-2022-32532
CRITICAL
Apache Shiro < 1.9.1 - Authorization Bypass via RegexRequestMatcher Misconfiguration
Jun 29, 2022
CVSS 9.8
EPSS 0.81
CVE-2022-33879
LOW
Apache Tika < 1.28.4 - Denial of Service via StandardsExtractingContentHandler Regex
Jun 27, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-26477
HIGH
Apache SystemDS < 2.2.1 - Uncontrolled Resource Consumption via For Loop Termination Condition
Jun 27, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-34305
MEDIUM
NUCLEI
Apache Tomcat 8.5.50-8.5.81, 10.1.0-M1-10.1.0-M16 - Cross-Site Scripting in Form Authentication Example
Jun 23, 2022
CVSS 6.1
EPSS 0.17
CVE-2022-32549
MEDIUM
Apache Sling Commons Log <= 5.4.0 & Apache Sling API <= 2.25.0 - Co...
Jun 22, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-33140
HIGH
Apache NiFi <1.16.2 - Command Injection
Jun 15, 2022
CVSS 8.8
EPSS 0.04
CVE-2022-25167
CRITICAL
Apache Flume 1.4.0-1.9.0 - Remote Code Execution via JMS Source JNDI LDAP URI
Jun 14, 2022
CVSS 9.8
EPSS 0.07
CVE-2022-31813
CRITICAL
Apache HTTP Server < 2.4.54 - Insufficient Verification of Data Authenticity via X-Forwarded-* Headers
Jun 09, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-30556
HIGH
Apache HTTP Server < 2.4.54 - Exposure of Sensitive Information via Buffer Length Mismanagement
Jun 09, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-30522
HIGH
Apache HTTP Server 2.4.53 - Denial of Service via mod_sed Large Input Transformation
Jun 09, 2022
CVSS 7.5
EPSS 0.10
CVE-2022-29404
HIGH
Apache HTTP Server < 2.4.53 - Denial of Service via Lua Script r:parsebody(0)
Jun 09, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28615
CRITICAL
Apache HTTP Server <2.4.53 - Info Disclosure
Jun 09, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-28614
MEDIUM
Apache HTTP Server <2.4.53 - Memory Corruption
Jun 09, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-28330
MEDIUM
Apache HTTP Server <2.4.53 - Buffer Overflow
Jun 09, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-26377
HIGH
Apache HTTP Server 2.4.0-2.4.53 - HTTP Request Smuggling via mod_proxy_ajp
Jun 09, 2022
CVSS 7.5
EPSS 0.39
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20