apache

3,092 tracked vulnerabilities.

CVE-2022-29265 HIGH
Apache NiFi 0.0.1-1.16.0 - XML External Entity Injection in Standard Content Viewer and Processors
Apr 30, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-23942 HIGH
Apache Doris <1.0.0 - Info Disclosure
Apr 26, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-24706 CRITICAL KEVNUCLEI
Apache Couchdb Erlang RCE
Apr 26, 2022
CVSS 9.8
EPSS 0.93
CVE-2022-29266 HIGH
Apache APISIX <3.13.1 - Info Disclosure
Apr 20, 2022
CVSS 7.5
EPSS 0.08
CVE-2022-27479 CRITICAL
Apache Superset < 1.4.2 - SQL Injection in Chart Data Requests
Apr 13, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-24070 HIGH
Subversion mod_dav_svn <1.14.1 - Memory Corruption
Apr 12, 2022
CVSS 7.5
EPSS 0.09
CVE-2022-26612 CRITICAL
Apache Hadoop < 3.2.3 - Arbitrary File Write via Symlink Bypass on Windows
Apr 07, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-26850 MEDIUM
Apache NiFi <1.16.0 - Info Disclosure
Apr 06, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23974 HIGH
Apache Pinot < 0.10.0 - Denial of Service via Segment Upload Path
Apr 05, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25598 HIGH
Apache DolphinScheduler < 2.0.5 - Regular Expression Denial of Service in User Registration
Mar 30, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25757 CRITICAL
Apache APISIX < 2.13.0 - Request Body Validation Bypass via Duplicate JSON Keys
Mar 28, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-26779 HIGH
Apache CloudStack <4.16.1.0 - Info Disclosure
Mar 15, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-23943 CRITICAL
Apache HTTP Server <2.4.52 - Memory Corruption
Mar 14, 2022
CVSS 9.8
EPSS 0.50
CVE-2022-22721 CRITICAL
Apache HTTP Server < 2.4.52 - Integer Overflow via Large Request Body Handling
Mar 14, 2022
CVSS 9.1
EPSS 0.42
CVE-2022-22720 CRITICAL
Apache HTTP Server < 2.4.52 - HTTP Request Smuggling via Inbound Connection Handling
Mar 14, 2022
CVSS 9.8
EPSS 0.28
CVE-2022-22719 HIGH
Apache HTTP Server <2.4.52 - Memory Corruption
Mar 14, 2022
CVSS 7.5
EPSS 0.70
CVE-2022-25312 CRITICAL
Apache Any23 < 2.7 - XML External Entity Injection in RDFa XSLTStylesheet Extractor
Mar 05, 2022
CVSS 9.1
EPSS 0.03
CVE-2022-26336 MEDIUM
Apache POI <5.2.0 - Memory Corruption
Mar 04, 2022
CVSS 5.5
EPSS 0.02
CVE-2022-24948 MEDIUM
Apache JSPWiki < 2.11.2 - Stored Cross-Site Scripting via User Preferences Screen
Feb 25, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-24947 HIGH
Apache JSPWiki < 2.11.2 - Cross-Site Request Forgery in User Preferences Form
Feb 25, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-24288 HIGH NUCLEI
Apache Airflow <2.2.4 - Command Injection
Feb 25, 2022
CVSS 8.8
EPSS 0.78
CVE-2022-24289 HIGH
Apache Cayenne <4.1 - Code Injection
Feb 11, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-24112 CRITICAL KEVNUCLEI
APISIX Admin API default access token RCE
Feb 11, 2022
CVSS 9.8
EPSS 0.96
CVE-2022-22931 MEDIUM
Apache James < 3.6.2 - Path Traversal in Maildir Mailbox Store and Sieve File Repository
Feb 07, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-23206 HIGH
Apache Traffic Control < 5.1.6 and 6.0.0-6.1.0 - Server-Side Request Forgery via OAuth Login Endpoint
Feb 06, 2022
CVSS 7.5
EPSS 0.02