apache
3,092 tracked vulnerabilities.
CVE-2022-32532
CRITICAL
Apache Shiro < 1.9.1 - Authorization Bypass via RegexRequestMatcher Misconfiguration
Jun 29, 2022
CVSS 9.8
EPSS 0.25
CVE-2022-33879
LOW
Apache Tika < 1.28.4 - Denial of Service via StandardsExtractingContentHandler Regex
Jun 27, 2022
CVSS 3.3
EPSS 0.02
CVE-2022-26477
HIGH
Apache SystemDS < 2.2.1 - Uncontrolled Resource Consumption via For Loop Termination Condition
Jun 27, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-34305
MEDIUM
NUCLEI
Apache Tomcat 8.5.50-8.5.81, 10.1.0-M1-10.1.0-M16 - Cross-Site Scripting in Form Authentication Example
Jun 23, 2022
CVSS 6.1
EPSS 0.06
CVE-2022-32549
MEDIUM
Apache Sling Commons Log <= 5.4.0 & Apache Sling API <= 2.25.0 - Co...
Jun 22, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-33140
HIGH
Apache NiFi <1.16.2 - Command Injection
Jun 15, 2022
CVSS 8.8
EPSS 0.04
CVE-2022-25167
CRITICAL
Apache Flume 1.4.0-1.9.0 - Remote Code Execution via JMS Source JNDI LDAP URI
Jun 14, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-31813
CRITICAL
Apache HTTP Server < 2.4.54 - Insufficient Verification of Data Authenticity via X-Forwarded-* Headers
Jun 09, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-30556
HIGH
Apache HTTP Server < 2.4.54 - Exposure of Sensitive Information via Buffer Length Mismanagement
Jun 09, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-30522
HIGH
Apache HTTP Server 2.4.53 - Denial of Service via mod_sed Large Input Transformation
Jun 09, 2022
CVSS 7.5
EPSS 0.90
CVE-2022-29404
HIGH
Apache HTTP Server < 2.4.53 - Denial of Service via Lua Script r:parsebody(0)
Jun 09, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-28615
CRITICAL
Apache HTTP Server <2.4.53 - Info Disclosure
Jun 09, 2022
CVSS 9.1
EPSS 0.06
CVE-2022-28614
MEDIUM
Apache HTTP Server <2.4.53 - Memory Corruption
Jun 09, 2022
CVSS 5.3
EPSS 0.04
CVE-2022-28330
MEDIUM
Apache HTTP Server <2.4.53 - Buffer Overflow
Jun 09, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-26377
HIGH
Apache HTTP Server 2.4.0-2.4.53 - HTTP Request Smuggling via mod_proxy_ajp
Jun 09, 2022
CVSS 7.5
EPSS 0.19
CVE-2022-24969
MEDIUM
Apache Dubbo < 2.6.12 and 2.7.0-2.7.14 - Server-Side Request Forgery via parseURL Method
Jun 09, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-30973
MEDIUM
Apache Tika < 1.28.3 - Denial of Service via StandardsText Regular Expression Backtracking
May 31, 2022
CVSS 5.5
EPSS 0.02
CVE-2022-29405
MEDIUM
Apache Archiva < 2.2.8 - Authenticated Password Reset for Arbitrary Users
May 25, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-29599
CRITICAL
Apache Maven maven-shared-utils <3.3.3 - Command Injection
May 23, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-26650
HIGH
Apache ShenYu 2.4.0-2.4.2 - Denial of Service via RegexPredicateJudge
May 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-30126
MEDIUM
Apache Tika < 1.28.2 - Denial of Service via StandardsExtractingContentHandler
May 16, 2022
CVSS 5.5
EPSS 0.03
CVE-2022-25169
MEDIUM
Apache Tika < 1.28.2 - Denial of Service via BPG Parser
May 16, 2022
CVSS 5.5
EPSS 0.02
CVE-2022-25762
HIGH
Apache Tomcat 8.5.0-8.5.75 and 9.0.0.M1-9.0.20 - Improper Resource Shutdown or Release in WebSocket Connection Handling
May 13, 2022
CVSS 8.6
EPSS 0.08
CVE-2022-29885
HIGH
Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor
May 12, 2022
CVSS 7.5
EPSS 0.73
CVE-2022-28890
CRITICAL
Apache Jena <4.4.0 - Info Disclosure
May 05, 2022
CVSS 9.8
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters