apache

3,092 tracked vulnerabilities.

CVE-2022-43718 MEDIUM
Apache Superset <=1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting in Upload Data Forms
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43717 MEDIUM
Apache Superset < 1.5.2 and 2.0.0 - Authenticated Stored Cross-Site Scripting in Dashboard Markdown Components
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-41703 MEDIUM
Apache Superset <2.0.0 - SQL Injection
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-46769 MEDIUM
Apache Sling CMS < 1.1.4 - Authenticated Reflected Cross-Site Scripting in Site Group Feature
Jan 09, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-45935 MEDIUM
Apache James < 3.7.2 - Unprotected User Data Exposure via Temporary Files
Jan 06, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-45787 MEDIUM
Apache James < 0.8.9 - Cleartext Storage of Sensitive Information via Temporary File Permissions
Jan 06, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-45875 CRITICAL
Apache DolphinScheduler < 3.0.2 - Authenticated Remote Code Execution via Script Alert Plugin
Jan 04, 2023
CVSS 9.8
EPSS 0.03
CVE-2022-45143 HIGH
Apache Tomcat <10.1.1 - Info Disclosure
Jan 03, 2023
CVSS 7.5
EPSS 0.03
CVE-2022-44621 CRITICAL
Apache Kylin < 4.0.3 - Command Injection via Diagnosis Controller
Dec 30, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-43396 HIGH
Blacklist Bypass - Command Injection
Dec 30, 2022
CVSS 8.8
EPSS 0.57
CVE-2022-45347 CRITICAL
Apache ShardingSphere-Proxy <5.3.0 - Command Injection
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40145 CRITICAL
Apache Karaf < 4.3.8 - Remote Code Execution via JNDI LDAP Data Source URI
Dec 21, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-46421 CRITICAL
Apache Airflow Hive Provider <5.0.0 - Command Injection
Dec 20, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-40743 MEDIUM
Apache Traffic Server 9.0.0-9.1.3 - Cross-Site Scripting and Cache Poisoning via xdebug Plugin
Dec 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-47500 MEDIUM
Apache Helix 0.8.0-1.0.4 - Open Redirect in UI Component
Dec 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-37392 MEDIUM
Apache Traffic Server 8.0.0-9.1.2 - Improper Check for Unusual or Exceptional Conditions
Dec 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-32749 HIGH
Apache Traffic Server 8.0.0-9.1.3 - Denial of Service via Request Handling
Dec 19, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-46870 MEDIUM
Apache Zeppelin < 0.8.2 - Authenticated Stored Cross-Site Scripting
Dec 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-32531 MEDIUM
Apache Bookkeeper < 4.14.6 - Improper Certificate Validation
Dec 15, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-34271 HIGH
Apache Atlas 0.8.4-2.2.0 - Authenticated Path Traversal and Arbitrary File Write
Dec 14, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-46364 CRITICAL
Apache CXF < 3.4.10 - Server-Side Request Forgery via MTOM XOP:Include href Attribute
Dec 13, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-46363 HIGH
Apache CXF <3.5.5-3.4.10 - Info Disclosure
Dec 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45910 MEDIUM
Apache ManifoldCF < 2.23 - LDAP Injection in ActiveDirectory and Sharepoint Authority Connectors
Dec 07, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-46366 CRITICAL
Apache Tapestry 3.x - Remote Code Execution via Untrusted Data Deserialization
Dec 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-44635 HIGH
Apache Fineract < 1.8.1 - Authenticated Remote Code Execution via Path Traversal in File Upload
Nov 29, 2022
CVSS 8.8
EPSS 0.69