apache
3,092 tracked vulnerabilities.
CVE-2022-37400
HIGH
Apache OpenOffice <4.1.13 - Info Disclosure
Aug 15, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-31780
HIGH
Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Frame Handling
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31779
HIGH
Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31778
HIGH
Apache Traffic Server 8.0.0-9.0.2 - Cache Poisoning via Transfer-Encoding Header
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28129
HIGH
Apache Traffic Server 8.0.0-9.1.2 - Improper Input Validation in HTTP/1.1 Header Parsing
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25763
HIGH
Apache Traffic Server 8.0.0-9.1.2 - HTTP Request Smuggling via HTTP/2 Request Validation
Aug 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-36125
HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
Aug 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-36124
HIGH
Apache Avro Rust SDK <0.14.0 - Memory Corruption
Aug 09, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35724
HIGH
Apache Avro < 0.14.0 - Denial of Service via Infinite Loop in Data Reader
Aug 09, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25168
CRITICAL
Apache Hadoop 2.0.0-2.10.1 and 2.10.2-3.3.3 - OS Command Injection via FileUtil.unTar
Aug 04, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-34158
HIGH
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via Image Plugin
Aug 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-28732
MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Scripting via WeblogPlugin
Aug 04, 2022
CVSS 6.1
EPSS 0.82
CVE-2022-28731
MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via UserPreferences.jsp
Aug 04, 2022
CVSS 6.5
EPSS 0.56
CVE-2022-28730
MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Scripting via Denounce Plugin
Aug 04, 2022
CVSS 6.1
EPSS 0.85
CVE-2022-27166
MEDIUM
Apache JSPWiki <= 2.11.2 - Cross-Site Scripting via XHRHtml2Markup.jsp
Aug 04, 2022
CVSS 6.1
EPSS 0.85
CVE-2022-36364
HIGH
Apache Calcite Avatica JDBC driver - RCE
Jul 28, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-24294
HIGH
Apache MXNet < 1.9.1 - Denial of Service via Crafted Operator Name
Jul 24, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-34169
HIGH
Apache Xalan <2.7.3 - Code Injection
Jul 19, 2022
CVSS 7.5
EPSS 0.16
CVE-2022-35741
CRITICAL
Apache CloudStack >=4.5.0 - XXE Injection
Jul 18, 2022
CVSS 9.8
EPSS 0.08
CVE-2022-36127
HIGH
Apache SkyWalking NodeJS Agent <0.5.1 - DoS
Jul 18, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-33891
HIGH
KEVNUCLEI
Apache Spark UI - Privilege Escalation
Jul 18, 2022
CVSS 8.8
EPSS 0.93
CVE-2022-31781
HIGH
Apache Tapestry < 5.8.2 - Regular Expression Denial of Service in ContentType Class
Jul 13, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-28889
MEDIUM
Apache Druid < 0.23.0 - Clickjacking via Missing Content-Security-Policy Header
Jul 07, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-33980
CRITICAL
Apache Commons Configuration <2.8 - RCE
Jul 06, 2022
CVSS 9.8
EPSS 0.43
CVE-2022-32533
CRITICAL
Apache Jetspeed - Cross-Site Scripting via Untrusted User Input
Jul 06, 2022
CVSS 9.8
EPSS 0.04
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters