apache
2,902 tracked vulnerabilities.
CVE-2022-22719
HIGH
Apache HTTP Server <2.4.52 - Memory Corruption
Mar 14, 2022
CVSS 7.5
EPSS 0.30
CVE-2022-25312
CRITICAL
Apache Any23 < 2.7 - XML External Entity Injection in RDFa XSLTStylesheet Extractor
Mar 05, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-26336
MEDIUM
Apache POI <5.2.0 - Memory Corruption
Mar 04, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-24948
MEDIUM
Apache JSPWiki < 2.11.2 - Stored Cross-Site Scripting via User Preferences Screen
Feb 25, 2022
CVSS 6.1
EPSS 0.04
CVE-2022-24947
HIGH
Apache JSPWiki < 2.11.2 - Cross-Site Request Forgery in User Preferences Form
Feb 25, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-24288
HIGH
NUCLEI
Apache Airflow <2.2.4 - Command Injection
Feb 25, 2022
CVSS 8.8
EPSS 0.90
CVE-2022-24289
HIGH
Apache Cayenne <4.1 - Code Injection
Feb 11, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-24112
CRITICAL
KEV
NUCLEI
APISIX Admin API default access token RCE
Feb 11, 2022
CVSS 9.8
EPSS 0.94
CVE-2022-22931
MEDIUM
Apache James < 3.6.2 - Path Traversal in Maildir Mailbox Store and Sieve File Repository
Feb 07, 2022
CVSS 4.3
EPSS 0.03
CVE-2022-23206
HIGH
Apache Traffic Control < 5.1.6 and 6.0.0-6.1.0 - Server-Side Request Forgery via OAuth Login Endpoint
Feb 06, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23913
HIGH
Apache ActiveMQ Artemis <2.20.0-2.19.1 - DoS
Feb 04, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-23181
HIGH
Apache Tomcat 8.5.55-8.5.73, 9.0.35-9.0.56, 10.0.0-M5-10.0.14, 10.1.0-M1-10.1.0-M8 - TOCTOU Race Condition in FileStore
Jan 27, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-22932
MEDIUM
Apache Karaf < 4.2.15 and 4.3.0-4.3.6 - Path Traversal via obr Commands and karaf-maven-plugin
Jan 26, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23945
HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Missing Authorization via HTTP Registration
Jan 25, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23944
CRITICAL
NUCLEI
Apache ShenYu <2.4.1 - Info Disclosure
Jan 25, 2022
CVSS 9.1
EPSS 0.90
CVE-2022-23223
HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Password Disclosure
Jan 25, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-23437
MEDIUM
Apache Xerces-J < 2.12.1 - Denial of Service via Infinite Loop in XML Parser
Jan 24, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-22733
MEDIUM
NUCLEI
Apache ShardingSphere ElasticJob-UI <= 3.0.0 - Authenticated Privilege Escalation via Guest Account
Jan 20, 2022
CVSS 6.5
EPSS 0.78
CVE-2022-23307
HIGH
Apache Chainsaw < 2.1.0 - Deserialization of Untrusted Data
Jan 18, 2022
CVSS 8.8
EPSS 0.03
CVE-2022-23305
CRITICAL
Apache Log4j 1.2.x - SQL Injection via JDBCAppender Message Converter
Jan 18, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-23302
HIGH
Apache Log4j 1.x - Deserialization of Untrusted Data via JMSSink Configuration
Jan 18, 2022
CVSS 8.8
EPSS 0.01
CVE-2021-28656
MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Request Forgery in Credential Page
Apr 09, 2024
CVSS 5.4
EPSS 0.02
CVE-2021-40331
HIGH
Apache Ranger Hive Plugin <2.4.0 - Privilege Escalation
May 05, 2023
CVSS 8.1
EPSS 0.00
CVE-2021-32824
CRITICAL
Apache Dubbo < 2.6.10 - Unauthenticated Remote Code Execution via Telnet Handler Bean Manipulation
Jan 03, 2023
CVSS 9.8
EPSS 0.06
CVE-2021-28655
MEDIUM
Apache Zeppelin < 0.9.0 - Arbitrary File Deletion via Move Folder to Trash Feature
Dec 16, 2022
CVSS 6.5
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20