apache

3,092 tracked vulnerabilities.

CVE-2022-32532 CRITICAL
Apache Shiro < 1.9.1 - Authorization Bypass via RegexRequestMatcher Misconfiguration
Jun 29, 2022
CVSS 9.8
EPSS 0.25
CVE-2022-33879 LOW
Apache Tika < 1.28.4 - Denial of Service via StandardsExtractingContentHandler Regex
Jun 27, 2022
CVSS 3.3
EPSS 0.02
CVE-2022-26477 HIGH
Apache SystemDS < 2.2.1 - Uncontrolled Resource Consumption via For Loop Termination Condition
Jun 27, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-34305 MEDIUM NUCLEI
Apache Tomcat 8.5.50-8.5.81, 10.1.0-M1-10.1.0-M16 - Cross-Site Scripting in Form Authentication Example
Jun 23, 2022
CVSS 6.1
EPSS 0.06
CVE-2022-32549 MEDIUM
Apache Sling Commons Log <= 5.4.0 & Apache Sling API <= 2.25.0 - Co...
Jun 22, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-33140 HIGH
Apache NiFi <1.16.2 - Command Injection
Jun 15, 2022
CVSS 8.8
EPSS 0.04
CVE-2022-25167 CRITICAL
Apache Flume 1.4.0-1.9.0 - Remote Code Execution via JMS Source JNDI LDAP URI
Jun 14, 2022
CVSS 9.8
EPSS 0.05
CVE-2022-31813 CRITICAL
Apache HTTP Server < 2.4.54 - Insufficient Verification of Data Authenticity via X-Forwarded-* Headers
Jun 09, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-30556 HIGH
Apache HTTP Server < 2.4.54 - Exposure of Sensitive Information via Buffer Length Mismanagement
Jun 09, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-30522 HIGH
Apache HTTP Server 2.4.53 - Denial of Service via mod_sed Large Input Transformation
Jun 09, 2022
CVSS 7.5
EPSS 0.90
CVE-2022-29404 HIGH
Apache HTTP Server < 2.4.53 - Denial of Service via Lua Script r:parsebody(0)
Jun 09, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-28615 CRITICAL
Apache HTTP Server <2.4.53 - Info Disclosure
Jun 09, 2022
CVSS 9.1
EPSS 0.06
CVE-2022-28614 MEDIUM
Apache HTTP Server <2.4.53 - Memory Corruption
Jun 09, 2022
CVSS 5.3
EPSS 0.04
CVE-2022-28330 MEDIUM
Apache HTTP Server <2.4.53 - Buffer Overflow
Jun 09, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-26377 HIGH
Apache HTTP Server 2.4.0-2.4.53 - HTTP Request Smuggling via mod_proxy_ajp
Jun 09, 2022
CVSS 7.5
EPSS 0.19
CVE-2022-24969 MEDIUM
Apache Dubbo < 2.6.12 and 2.7.0-2.7.14 - Server-Side Request Forgery via parseURL Method
Jun 09, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-30973 MEDIUM
Apache Tika < 1.28.3 - Denial of Service via StandardsText Regular Expression Backtracking
May 31, 2022
CVSS 5.5
EPSS 0.02
CVE-2022-29405 MEDIUM
Apache Archiva < 2.2.8 - Authenticated Password Reset for Arbitrary Users
May 25, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-29599 CRITICAL
Apache Maven maven-shared-utils <3.3.3 - Command Injection
May 23, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-26650 HIGH
Apache ShenYu 2.4.0-2.4.2 - Denial of Service via RegexPredicateJudge
May 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-30126 MEDIUM
Apache Tika < 1.28.2 - Denial of Service via StandardsExtractingContentHandler
May 16, 2022
CVSS 5.5
EPSS 0.03
CVE-2022-25169 MEDIUM
Apache Tika < 1.28.2 - Denial of Service via BPG Parser
May 16, 2022
CVSS 5.5
EPSS 0.02
CVE-2022-25762 HIGH
Apache Tomcat 8.5.0-8.5.75 and 9.0.0.M1-9.0.20 - Improper Resource Shutdown or Release in WebSocket Connection Handling
May 13, 2022
CVSS 8.6
EPSS 0.08
CVE-2022-29885 HIGH
Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor
May 12, 2022
CVSS 7.5
EPSS 0.73
CVE-2022-28890 CRITICAL
Apache Jena <4.4.0 - Info Disclosure
May 05, 2022
CVSS 9.8
EPSS 0.02