apache
3,092 tracked vulnerabilities.
CVE-2022-43718
MEDIUM
Apache Superset <=1.5.2 and 2.0.0 - Authenticated Cross-Site Scripting in Upload Data Forms
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-43717
MEDIUM
Apache Superset < 1.5.2 and 2.0.0 - Authenticated Stored Cross-Site Scripting in Dashboard Markdown Components
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-41703
MEDIUM
Apache Superset <2.0.0 - SQL Injection
Jan 16, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-46769
MEDIUM
Apache Sling CMS < 1.1.4 - Authenticated Reflected Cross-Site Scripting in Site Group Feature
Jan 09, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-45935
MEDIUM
Apache James < 3.7.2 - Unprotected User Data Exposure via Temporary Files
Jan 06, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-45787
MEDIUM
Apache James < 0.8.9 - Cleartext Storage of Sensitive Information via Temporary File Permissions
Jan 06, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-45875
CRITICAL
Apache DolphinScheduler < 3.0.2 - Authenticated Remote Code Execution via Script Alert Plugin
Jan 04, 2023
CVSS 9.8
EPSS 0.03
CVE-2022-45143
HIGH
Apache Tomcat <10.1.1 - Info Disclosure
Jan 03, 2023
CVSS 7.5
EPSS 0.03
CVE-2022-44621
CRITICAL
Apache Kylin < 4.0.3 - Command Injection via Diagnosis Controller
Dec 30, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-43396
HIGH
Blacklist Bypass - Command Injection
Dec 30, 2022
CVSS 8.8
EPSS 0.57
CVE-2022-45347
CRITICAL
Apache ShardingSphere-Proxy <5.3.0 - Command Injection
Dec 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40145
CRITICAL
Apache Karaf < 4.3.8 - Remote Code Execution via JNDI LDAP Data Source URI
Dec 21, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-46421
CRITICAL
Apache Airflow Hive Provider <5.0.0 - Command Injection
Dec 20, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-40743
MEDIUM
Apache Traffic Server 9.0.0-9.1.3 - Cross-Site Scripting and Cache Poisoning via xdebug Plugin
Dec 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-47500
MEDIUM
Apache Helix 0.8.0-1.0.4 - Open Redirect in UI Component
Dec 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-37392
MEDIUM
Apache Traffic Server 8.0.0-9.1.2 - Improper Check for Unusual or Exceptional Conditions
Dec 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-32749
HIGH
Apache Traffic Server 8.0.0-9.1.3 - Denial of Service via Request Handling
Dec 19, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-46870
MEDIUM
Apache Zeppelin < 0.8.2 - Authenticated Stored Cross-Site Scripting
Dec 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-32531
MEDIUM
Apache Bookkeeper < 4.14.6 - Improper Certificate Validation
Dec 15, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-34271
HIGH
Apache Atlas 0.8.4-2.2.0 - Authenticated Path Traversal and Arbitrary File Write
Dec 14, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-46364
CRITICAL
Apache CXF < 3.4.10 - Server-Side Request Forgery via MTOM XOP:Include href Attribute
Dec 13, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-46363
HIGH
Apache CXF <3.5.5-3.4.10 - Info Disclosure
Dec 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-45910
MEDIUM
Apache ManifoldCF < 2.23 - LDAP Injection in ActiveDirectory and Sharepoint Authority Connectors
Dec 07, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-46366
CRITICAL
Apache Tapestry 3.x - Remote Code Execution via Untrusted Data Deserialization
Dec 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-44635
HIGH
Apache Fineract < 1.8.1 - Authenticated Remote Code Execution via Path Traversal in File Upload
Nov 29, 2022
CVSS 8.8
EPSS 0.69
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters