apache
2,902 tracked vulnerabilities.
CVE-2022-24969
MEDIUM
Apache Dubbo < 2.6.12 and 2.7.0-2.7.14 - Server-Side Request Forgery via parseURL Method
Jun 09, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-30973
MEDIUM
Apache Tika < 1.28.3 - Denial of Service via StandardsText Regular Expression Backtracking
May 31, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-29405
MEDIUM
Apache Archiva < 2.2.8 - Authenticated Password Reset for Arbitrary Users
May 25, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-29599
CRITICAL
Apache Maven maven-shared-utils <3.3.3 - Command Injection
May 23, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-26650
HIGH
Apache ShenYu 2.4.0-2.4.2 - Denial of Service via RegexPredicateJudge
May 17, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-30126
MEDIUM
Apache Tika < 1.28.2 - Denial of Service via StandardsExtractingContentHandler
May 16, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-25169
MEDIUM
Apache Tika < 1.28.2 - Denial of Service via BPG Parser
May 16, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-25762
HIGH
Apache Tomcat 8.5.0-8.5.75 and 9.0.0.M1-9.0.20 - Improper Resource Shutdown or Release in WebSocket Connection Handling
May 13, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-29885
HIGH
Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor
May 12, 2022
CVSS 7.5
EPSS 0.56
CVE-2022-28890
CRITICAL
Apache Jena <4.4.0 - Info Disclosure
May 05, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-29265
HIGH
Apache NiFi 0.0.1-1.16.0 - XML External Entity Injection in Standard Content Viewer and Processors
Apr 30, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-23942
HIGH
Apache Doris <1.0.0 - Info Disclosure
Apr 26, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-24706
CRITICAL
KEV, NUCLEI
Apache Couchdb Erlang RCE
Apr 26, 2022
CVSS 9.8
EPSS 0.94
CVE-2022-29266
HIGH
Apache APISIX <3.13.1 - Info Disclosure
Apr 20, 2022
CVSS 7.5
EPSS 0.36
CVE-2022-27479
CRITICAL
Apache Superset < 1.4.2 - SQL Injection in Chart Data Requests
Apr 13, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-24070
HIGH
Subversion mod_dav_svn <1.14.1 - Memory Corruption
Apr 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-26612
CRITICAL
Apache Hadoop < 3.2.3 - Arbitrary File Write via Symlink Bypass on Windows
Apr 07, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-26850
MEDIUM
Apache NiFi <1.16.0 - Info Disclosure
Apr 06, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-23974
HIGH
Apache Pinot < 0.10.0 - Denial of Service via Segment Upload Path
Apr 05, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-25598
HIGH
Apache DolphinScheduler < 2.0.5 - Regular Expression Denial of Service in User Registration
Mar 30, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25757
CRITICAL
Apache APISIX < 2.13.0 - Request Body Validation Bypass via Duplicate JSON Keys
Mar 28, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-26779
HIGH
Apache CloudStack <4.16.1.0 - Info Disclosure
Mar 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23943
CRITICAL
Apache HTTP Server <2.4.52 - Memory Corruption
Mar 14, 2022
CVSS 9.8
EPSS 0.61
CVE-2022-22721
CRITICAL
Apache HTTP Server < 2.4.52 - Integer Overflow via Large Request Body Handling
Mar 14, 2022
CVSS 9.1
EPSS 0.13
CVE-2022-22720
CRITICAL
Apache HTTP Server < 2.4.52 - HTTP Request Smuggling via Inbound Connection Handling
Mar 14, 2022
CVSS 9.8
EPSS 0.27
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20