apache
3,092 tracked vulnerabilities.
CVE-2022-42009
HIGH
Apache Ambari 2.7.0-2.7.6 - Authenticated Remote Code Execution via SpringEL Injection
Jul 12, 2023
CVSS 8.0
EPSS 0.01
CVE-2022-47184
HIGH
Apache Traffic Server <9.2.0 - Info Disclosure
Jun 14, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-46907
MEDIUM
Apache JSPWiki < 2.12.0 - Cross-Site Scripting via Crafted Plugin Request
May 25, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-47937
CRITICAL
Apache Sling Commons JSON < 2.0.20 - Denial of Service via Crafted Input
May 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2022-45048
HIGH
Apache Ranger 2.3.0 - Authenticated Remote Code Execution via Policy Expression Injection
May 05, 2023
CVSS 8.4
EPSS 0.01
CVE-2022-46365
CRITICAL
Apache StreamPark <2.0.0 - Auth Bypass
May 01, 2023
CVSS 9.1
EPSS 0.01
CVE-2022-45802
CRITICAL
Apache StreamPark < 2.0.0 - Unauthenticated Unrestricted Upload of File with Dangerous Type
May 01, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-45801
MEDIUM
Apache StreamPark 1.0.0-2.0.0 - LDAP Injection
May 01, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-47501
HIGH
NUCLEI
Apache OFBiz < 18.12.07 - Unauthenticated Arbitrary File Read via Solr Plugin
Apr 14, 2023
CVSS 7.5
EPSS 0.10
CVE-2022-45064
HIGH
Apache Sling Engine < 2.14.0 - Cross-Site Scripting via RequestDispatcher Include
Apr 13, 2023
CVSS 8.0
EPSS 0.01
CVE-2022-47502
HIGH
Apache OpenOffice < 4.1.13 - Arbitrary Script Execution via Macro Link URI Scheme
Mar 24, 2023
CVSS 7.8
EPSS 0.01
CVE-2022-38745
HIGH
Apache OpenOffice <4.1.14 - Code Injection
Mar 24, 2023
CVSS 7.8
EPSS 0.01
CVE-2022-42735
HIGH
Apache ShenYu 2.5.0 - Privilege Escalation via User Creation
Feb 15, 2023
CVSS 8.8
EPSS 0.01
CVE-2022-45786
HIGH
Apache AGE < 1.1.0 - SQL Injection via Cypher Function Parameterization Bypass
Feb 04, 2023
CVSS 8.1
EPSS 0.01
CVE-2022-28331
CRITICAL
Apache Portable Runtime <1.7.0 - Buffer Overflow
Jan 31, 2023
CVSS 9.8
EPSS 0.02
CVE-2022-25147
MEDIUM
Apache Portable Runtime Utility < 1.6.1 - Integer Overflow in apr_base64 Functions
Jan 31, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-24963
CRITICAL
Apache Portable Runtime 1.7.0 - Integer Overflow or Wraparound in apr_encode Functions
Jan 31, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-44645
HIGH
Apache Linkis <= 1.3.0 - Remote Code Execution via MySQL Connector/J Deserialization
Jan 31, 2023
CVSS 8.8
EPSS 0.02
CVE-2022-44644
MEDIUM
Apache Linkis <= 1.3.0 - Authenticated Arbitrary File Read via MySQL Connector/J JDBC Parameter
Jan 31, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-37436
MEDIUM
Apache HTTP Server < 2.4.55 - HTTP Response Header Injection via CRLF Sequence
Jan 17, 2023
CVSS 5.3
EPSS 0.58
CVE-2022-36760
CRITICAL
Apache HTTP Server 2.4.0-2.4.54 - HTTP Request Smuggling via mod_proxy_ajp
Jan 17, 2023
CVSS 9.0
EPSS 0.02
CVE-2022-45438
MEDIUM
Apache Superset <=1.5.2 and 2.0.0 - Unauthenticated Exposure of Dashboard Metadata via REST API
Jan 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2022-43721
MEDIUM
Apache Superset <2.0.0 - Open Redirect
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43720
MEDIUM
Apache Superset < 1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting via Toast Message
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43719
HIGH
Apache Superset < 1.5.2 and 2.0.0 - Cross-Site Request Forgery
Jan 16, 2023
CVSS 8.8
EPSS 0.01
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters