apache

3,092 tracked vulnerabilities.

CVE-2022-40705 HIGH
Apache SOAP >= 2.2 - XML External Entity Injection in RPCRouterServlet
Sep 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-40754 MEDIUM
Apache Airflow 2.3.0-2.3.4 - Open Redirect via Confirm Endpoint
Sep 21, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-40604 HIGH
Apache Airflow 2.3.0-2.3.4 - Information Exposure via URL Format String
Sep 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-40955 HIGH
Apache InLong <1.3.0 - Deserialization
Sep 20, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-34917 HIGH
Apache Kafka 2.8.0-2.8.1 - Unauthenticated Denial of Service via Memory Allocation
Sep 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-39135 CRITICAL
Apache Calcite 1.22.0-1.31.0 - XML External Entity Injection via SQL Operators
Sep 11, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-28220 HIGH
Apache James < 3.6.3 and 3.7.1 - Command Injection via STARTTLS Buffering Attack
Sep 08, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-38370 HIGH
Apache IoTDB grafana-connector <0.13.1 - Info Disclosure
Sep 05, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38369 HIGH
Apache IoTDB 0.13.0 - Session Fixation
Sep 05, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-38170 MEDIUM
Apache Airflow <2.3.4 - Info Disclosure
Sep 02, 2022
CVSS 4.7
EPSS 0.01
CVE-2022-38054 CRITICAL
Apache Airflow <2.3.3 - Info Disclosure
Sep 02, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-29158 HIGH
Apache OFBiz < 18.12.06 - Unauthenticated Regular Expression Denial of Service
Sep 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-29063 CRITICAL
Apache OFBiz < 18.12.06 - Remote Code Execution via Solr Plugin RMI Request
Sep 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-25813 HIGH
Apache OFBiz < 18.12.06 - Server-Side Template Injection via Ecommerce Contact Us Subject Field
Sep 02, 2022
CVSS 7.5
EPSS 0.67
CVE-2022-25371 CRITICAL
Apache OFBiz < 18.12.06 - Remote Code Execution via Birt Plugin
Sep 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-25370 MEDIUM
Apache OFBiz < 18.12.06 - Unauthenticated Stored Cross-Site Scripting via Birt Plugin
Sep 02, 2022
CVSS 5.4
EPSS 0.02
CVE-2022-37435 HIGH
Apache ShenYu 2.4.2-2.4.3 - Authenticated Privilege Escalation via Password Modification
Sep 01, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-37023 MEDIUM
Apache Geode < 1.15.0 - Deserialization of Untrusted Data via REST API
Aug 31, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-37022 HIGH
Apache Geode < 1.12.2 and 1.13.2 - Deserialization of Untrusted Data via JMX over RMI
Aug 31, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-37021 CRITICAL
Apache Geode <= 1.12.5, 1.13.4, 1.14.0 - Deserialization of Untrusted Data via JMX over RMI
Aug 31, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-22728 HIGH
Apache libapreq2 <= 2.16 - Denial of Service via Multipart Form Upload Buffer Overflow
Aug 25, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-35278 MEDIUM
Apache ActiveMQ Artemis < 2.24.0 - Cross-Site Scripting via Address or Queue Name
Aug 23, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-34916 CRITICAL
Apache Flume 1.4.0-1.10.0 - Remote Code Execution via JMS Source JNDI LDAP URI
Aug 21, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-38362 HIGH
Apache Airflow Docker <3.0.0 - Authenticated RCE
Aug 16, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-37401 HIGH
Apache OpenOffice <4.1.13 - Info Disclosure
Aug 15, 2022
CVSS 8.8
EPSS 0.01