apache
2,902 tracked vulnerabilities.
CVE-2021-38153
MEDIUM
Apache Kafka <2.8.1-2.8.0 - Timing Attack
Sep 22, 2021
CVSS 5.9
EPSS 0.02
CVE-2021-40690
HIGH
Apache Santuario XML Security for Java < 2.1.7 - Sensitive Information Exposure via XPath Transform
Sep 19, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-41303
CRITICAL
Apache Shiro < 1.8.0 - Authentication Bypass via Spring Boot Integration
Sep 17, 2021
CVSS 9.8
EPSS 0.49
CVE-2021-41079
HIGH
Apache Tomcat 8.5.0-8.5.63, 9.0.0-M1-9.0.43, 10.0.0-M1-10.0.2 - Denial of Service via TLS Packet Validation Bypass
Sep 16, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-40438
CRITICAL
KEV, NUCLEI
Apache HTTP Server <2.4.48 - SSRF
Sep 16, 2021
CVSS 9.0
EPSS 0.94
CVE-2021-39275
CRITICAL
Apache HTTP Server < 2.4.49 - Out-of-bounds Write in ap_escape_quotes()
Sep 16, 2021
CVSS 9.8
EPSS 0.38
CVE-2021-39239
HIGH
Apache Jena < 4.1.0 - XML External Entity Injection
Sep 16, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-36160
HIGH
Apache HTTP Server 2.4.30-2.4.48 - Denial of Service via mod_proxy_uwsgi URI Path
Sep 16, 2021
CVSS 7.5
EPSS 0.05
CVE-2021-34798
HIGH
Apache HTTP Server < 2.4.48 - NULL Pointer Dereference
Sep 16, 2021
CVSS 7.5
EPSS 0.10
CVE-2021-40146
CRITICAL
Apache Any23 < 2.5 - Remote Code Execution in YAMLExtractor
Sep 11, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-38555
CRITICAL
Apache Any23 < 2.5 - XML External Entity Injection in StreamUtils.java
Sep 11, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-38540
CRITICAL
NUCLEI
Airflow >=2.0.0-<2.1.3 - RCE/Info Disclosure
Sep 09, 2021
CVSS 9.8
EPSS 0.92
CVE-2021-37579
CRITICAL
Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Security Check Bypass
Sep 09, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-36161
CRITICAL
Apache Dubbo < 2.7.13 - Remote Code Execution via Format String Injection in toString Call
Sep 09, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-36163
CRITICAL
Apache Dubbo 2.7.0-2.7.12 - Deserialization of Untrusted Data via Hessian Protocol
Sep 07, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-36162
HIGH
Apache Dubbo 2.7.0-2.7.12 and 0-2.7.12 - Remote Code Execution via SnakeYAML Constructor Deserialization
Sep 07, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-27578
MEDIUM
Apache Zeppelin < 0.9.0 - Cross-Site Scripting in Markdown Interpreter
Sep 02, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-25958
MEDIUM
Apache OFBiz 17.12.01-17.12.07 - Information Disclosure via Exception Handling
Aug 30, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-33191
CRITICAL
Apache NiFi MiNiFi C++ <0.10.0 - Privilege Escalation
Aug 24, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-35940
HIGH
Apache Portable Runtime <1.7.0 - Info Disclosure
Aug 23, 2021
CVSS 7.1
EPSS 0.00
CVE-2021-37608
CRITICAL
Apache OFBiz < 17.12.08 - Unrestricted Upload of File with Dangerous Type
Aug 18, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-33580
HIGH
Apache Roller < 6.0.2 - Denial of Service via Regex Catastrophic Backtracking
Aug 18, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-35936
MEDIUM
Apache Airflow < 2.1.2 - Info Disclosure
Aug 16, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-33193
HIGH
Apache HTTP Server <2.4.49 - SSRF
Aug 16, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-21501
HIGH
ServiceComb 1.0.0-1.x.x - Path Traversal
Aug 10, 2021
CVSS 7.5
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20