apache

3,092 tracked vulnerabilities.

CVE-2022-42009 HIGH
Apache Ambari 2.7.0-2.7.6 - Authenticated Remote Code Execution via SpringEL Injection
Jul 12, 2023
CVSS 8.0
EPSS 0.01
CVE-2022-47184 HIGH
Apache Traffic Server <9.2.0 - Info Disclosure
Jun 14, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-46907 MEDIUM
Apache JSPWiki < 2.12.0 - Cross-Site Scripting via Crafted Plugin Request
May 25, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-47937 CRITICAL
Apache Sling Commons JSON < 2.0.20 - Denial of Service via Crafted Input
May 15, 2023
CVSS 9.8
EPSS 0.02
CVE-2022-45048 HIGH
Apache Ranger 2.3.0 - Authenticated Remote Code Execution via Policy Expression Injection
May 05, 2023
CVSS 8.4
EPSS 0.01
CVE-2022-46365 CRITICAL
Apache StreamPark <2.0.0 - Auth Bypass
May 01, 2023
CVSS 9.1
EPSS 0.01
CVE-2022-45802 CRITICAL
Apache StreamPark < 2.0.0 - Unauthenticated Unrestricted Upload of File with Dangerous Type
May 01, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-45801 MEDIUM
Apache StreamPark 1.0.0-2.0.0 - LDAP Injection
May 01, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-47501 HIGH NUCLEI
Apache OFBiz < 18.12.07 - Unauthenticated Arbitrary File Read via Solr Plugin
Apr 14, 2023
CVSS 7.5
EPSS 0.10
CVE-2022-45064 HIGH
Apache Sling Engine < 2.14.0 - Cross-Site Scripting via RequestDispatcher Include
Apr 13, 2023
CVSS 8.0
EPSS 0.01
CVE-2022-47502 HIGH
Apache OpenOffice < 4.1.13 - Arbitrary Script Execution via Macro Link URI Scheme
Mar 24, 2023
CVSS 7.8
EPSS 0.01
CVE-2022-38745 HIGH
Apache OpenOffice <4.1.14 - Code Injection
Mar 24, 2023
CVSS 7.8
EPSS 0.01
CVE-2022-42735 HIGH
Apache ShenYu 2.5.0 - Privilege Escalation via User Creation
Feb 15, 2023
CVSS 8.8
EPSS 0.01
CVE-2022-45786 HIGH
Apache AGE < 1.1.0 - SQL Injection via Cypher Function Parameterization Bypass
Feb 04, 2023
CVSS 8.1
EPSS 0.01
CVE-2022-28331 CRITICAL
Apache Portable Runtime <1.7.0 - Buffer Overflow
Jan 31, 2023
CVSS 9.8
EPSS 0.02
CVE-2022-25147 MEDIUM
Apache Portable Runtime Utility < 1.6.1 - Integer Overflow in apr_base64 Functions
Jan 31, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-24963 CRITICAL
Apache Portable Runtime 1.7.0 - Integer Overflow or Wraparound in apr_encode Functions
Jan 31, 2023
CVSS 9.8
EPSS 0.01
CVE-2022-44645 HIGH
Apache Linkis <= 1.3.0 - Remote Code Execution via MySQL Connector/J Deserialization
Jan 31, 2023
CVSS 8.8
EPSS 0.02
CVE-2022-44644 MEDIUM
Apache Linkis <= 1.3.0 - Authenticated Arbitrary File Read via MySQL Connector/J JDBC Parameter
Jan 31, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-37436 MEDIUM
Apache HTTP Server < 2.4.55 - HTTP Response Header Injection via CRLF Sequence
Jan 17, 2023
CVSS 5.3
EPSS 0.58
CVE-2022-36760 CRITICAL
Apache HTTP Server 2.4.0-2.4.54 - HTTP Request Smuggling via mod_proxy_ajp
Jan 17, 2023
CVSS 9.0
EPSS 0.02
CVE-2022-45438 MEDIUM
Apache Superset <=1.5.2 and 2.0.0 - Unauthenticated Exposure of Dashboard Metadata via REST API
Jan 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2022-43721 MEDIUM
Apache Superset <2.0.0 - Open Redirect
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43720 MEDIUM
Apache Superset < 1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting via Toast Message
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43719 HIGH
Apache Superset < 1.5.2 and 2.0.0 - Cross-Site Request Forgery
Jan 16, 2023
CVSS 8.8
EPSS 0.01