apache
2,902 tracked vulnerabilities.
CVE-2021-43083
HIGH
Apache PLC4X - PLC4C <0.9.1 - Buffer Overflow
Dec 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-45105
MEDIUM
Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup
Dec 18, 2021
CVSS 5.9
EPSS 0.75
CVE-2021-44145
MEDIUM
Apache NiFi < 1.15.1 - Authenticated Exposure of Sensitive Information via TransformXML Processor
Dec 17, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-45046
CRITICAL
KEV, NUCLEI
Apache Log4j < 2.12.2 - Remote Code Execution
Dec 14, 2021
CVSS 9.0
EPSS 0.94
CVE-2021-44549
HIGH
Apache Sling Commons Messaging Mail < 2.0 - Improper Certificate Validation
Dec 14, 2021
CVSS 7.4
EPSS 0.00
CVE-2021-4104
HIGH
Apache Log4j 1.2 - Remote Code Execution via JMSAppender JNDI Requests
Dec 14, 2021
CVSS 7.5
EPSS 0.72
CVE-2021-44228
CRITICAL
KEV, NUCLEI
Log4Shell HTTP Header Injection
Dec 10, 2021
CVSS 10.0
EPSS 0.94
CVE-2021-43410
MEDIUM
Apache Airavata Django Portal <3c5d8c7 - Log Injection
Dec 09, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-44140
CRITICAL
Apache JSPWiki < 2.11.0 - Arbitrary File Deletion via Logout Request
Nov 24, 2021
CVSS 9.1
EPSS 0.06
CVE-2021-40369
MEDIUM
Apache JSPWiki < 2.11.0 - Cross-Site Scripting via Denounce Plugin
Nov 24, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-43557
HIGH
Apache APISIX < 2.10.2 - URI Blocklist Bypass via Unnormalized Request URI
Nov 22, 2021
CVSS 7.5
EPSS 0.58
CVE-2021-41532
MEDIUM
Apache Ozone < 1.2.0 - Unauthenticated Exposure of Sensitive Information via Recon HTTP Endpoints
Nov 19, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39236
HIGH
Apache Ozone < 1.2.0 - Authenticated User Impersonation via OM Request
Nov 19, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-39235
MEDIUM
Apache Ozone < 1.2.0 - Authenticated Incorrect Permission Assignment for Critical Resource
Nov 19, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-39234
MEDIUM
Apache Ozone < 1.2.0 - Authenticated Security Bypass via Block ID Manipulation
Nov 19, 2021
CVSS 6.8
EPSS 0.00
CVE-2021-39233
CRITICAL
Apache Ozone < 1.2.0 - Unauthenticated Container Request Access
Nov 19, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-39232
HIGH
Apache Ozone < 1.2.0 - Authenticated Missing Authorization for Admin Commands
Nov 19, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-39231
CRITICAL
Apache Ozone < 1.2.0 - Missing Authorization for Internal RPC Endpoints
Nov 19, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-36372
CRITICAL
Apache Ozone <1.2.0 - Info Disclosure
Nov 19, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-42250
MEDIUM
Apache Superset < 1.3.2 - Authenticated Log Forgery via HTTP Endpoint
Nov 17, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-37580
CRITICAL
NUCLEI
Apache ShenYu 2.3.0-2.4.0 - Authentication Bypass via JWT Misuse
Nov 16, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-41972
MEDIUM
Apache Superset <= 1.3.1 - Authenticated Database Connection Password Leak
Nov 12, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-43350
CRITICAL
Apache Traffic Control - Info Disclosure
Nov 11, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-26558
HIGH
Apache ShardingSphere-UI 4.1.1-5.0.0 - Deserialization of Untrusted Data
Nov 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-43082
CRITICAL
Apache Traffic Server <9.1.0 - Buffer Overflow
Nov 03, 2021
CVSS 9.8
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20