apache
3,092 tracked vulnerabilities.
CVE-2022-42252
HIGH
Apache Tomcat 8.5.0-8.5.82, 9.0.0-M1-9.0.67, 10.0.0-M1-10.0.26, 10.1.0-M1-10.1.0 - HTTP Request Smuggling
Nov 01, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-26884
MEDIUM
Apache DolphinScheduler <2.0.6 - Info Disclosure
Oct 28, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-43766
HIGH
Apache IoTDB <0.12.7, >0.13.2 - DoS
Oct 26, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-42468
CRITICAL
Apache Flume 1.4.0-1.10.1 - Remote Code Execution via JMS Source ProviderURL
Oct 26, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-39944
HIGH
Apache Linkis <=1.2.0 - Remote Code Execution via MySQL JDBC URL Deserialization
Oct 26, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-42890
HIGH
Apache Batik < 1.16 - Remote Code Execution via Untrusted SVG JavaScript
Oct 25, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-41704
HIGH
Apache XML Graphics <1.16 - Code Injection
Oct 25, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-34870
MEDIUM
Apache Geode < 1.15.0 - Cross-Site Scripting via Pulse Region Entry View
Oct 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-42467
MEDIUM
Apache Isis < 2.0.0 - Insecure Default Configuration in Prototype Mode
Oct 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-42466
MEDIUM
Apache Isis < 2.0.0-M9 - Stored Cross-Site Scripting via Editable String Property
Oct 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-39198
CRITICAL
Apache Dubbo < 2.7.17, 3.0.x <= 3.0.11, 3.1.x <= 3.1.0 - Remote Code Execution via Hessian-Lite Deserialization
Oct 18, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-42889
CRITICAL
NUCLEI
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
Oct 13, 2022
CVSS 9.8
EPSS 1.00
CVE-2022-24697
CRITICAL
Kylin <2.6.5, <3.1.2, <4.0.1 - Command Injection
Oct 13, 2022
CVSS 9.8
EPSS 0.85
CVE-2022-40664
CRITICAL
Apache Shiro < 1.10.0 - Authentication Bypass via RequestDispatcher
Oct 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-41672
HIGH
Apache Airflow <2.4.1 - Privilege Escalation
Oct 07, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-40160
MEDIUM
Apache Commons Jxpath < 1.3 - Out-of-Bounds Write
Oct 06, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-40159
MEDIUM
Apache Commons Jxpath < 1.3 - Out-of-Bounds Write
Oct 06, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-33683
MEDIUM
Apache Pulsar <=2.6.4, 2.7.0-2.7.4, 2.8.0-2.8.3, 2.9.0-2.9.2, 2.10.0 - Improper Certificate Validation
Sep 23, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-33682
MEDIUM
Apache Pulsar 2.6.4 and earlier, 2.7.0-2.7.4, 2.8.0-2.8.3, 2.9.0-2.9.2, 2.10.0 - Improper Certificate Validation
Sep 23, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-33681
MEDIUM
Pulsar Java Client/Pulsar Proxy - Info Disclosure
Sep 23, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-24280
MEDIUM
Apache Pulsar Proxy <=2.9.1 Authenticated TCP/IP Connection Spoofing
Sep 23, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-26112
CRITICAL
Apache Pinot <0.10.0 - Buffer Overflow
Sep 23, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40146
HIGH
Apache Batik 1.14 - Server-Side Request Forgery via Jar URL
Sep 22, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-38648
MEDIUM
Apache XML Graphics Batik 1.14 - SSRF
Sep 22, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-38398
MEDIUM
Apache XML Graphics Batik <1.14 - SSRF
Sep 22, 2022
CVSS 5.3
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters