Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / apache

apache

2,902 tracked vulnerabilities.

CVE-2021-31812 MEDIUM

Apache PDFBox 2.0.0-2.0.23 - Denial of Service via Infinite Loop

CVE-2021-31811 MEDIUM

Apache PDFBox 2.0.0-2.0.23 - Denial of Service via Crafted PDF File

CVE-2021-30641 MEDIUM

Apache HTTP Server <2.4.47 - Path Traversal

CVE-2021-26691 CRITICAL

Apache HTTP Server 2.4.0-2.4.46 - Heap-based Buffer Overflow via SessionHeader

CVE-2021-26690 HIGH

Apache HTTP Server 2.4.0-2.4.46 - Denial of Service via Crafted Cookie Header in mod_session

CVE-2021-33190 MEDIUM

Apache APISIX Dashboard <2.6.1 - Info Disclosure

CVE-2021-29621 MEDIUM

Flask-AppBuilder <= 3.2.3 - Unauthenticated User Enumeration via Timing Attack

CVE-2021-30181 CRITICAL

Apache Dubbo 2.5.0-2.6.8 and 2.5.0-2.7.8 - Remote Code Execution via Script Routing Rule Parsing

CVE-2021-30180 CRITICAL

Apache Dubbo < 2.7.10 - Remote Code Execution via Tag Routing YAML Parsing

CVE-2021-30179 CRITICAL

Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.8, 2.7.0-2.7.9 - Deserialization of Untrusted Data via GenericFilter

CVE-2021-25641 CRITICAL

Apache Dubbo 2.5.0-2.6.8 & 2.7.0-2.7.7 Unauthenticated Deserialization via Serialization ID Tampering

CVE-2021-25640 MEDIUM

Apache Dubbo 2.5.0-2.6.8 and 2.7.0-2.7.9 - Server-Side Request Forgery via parseURL Host Check Bypass

CVE-2021-22160 CRITICAL

Apache Pulsar < 2.7.1 and 2.7.2 - Unauthenticated Authentication Bypass via JWT None Algorithm

CVE-2021-23937 HIGH

Apache Wicket 6.0.0-6.2.0, 7.0.0-7.17.0, 8.0.0-8.11.0, 9.0.0-9.2.0 DNS Amplification via X-Forwarded-For

CVE-2021-27737 HIGH

Apache Traffic Server 9.0.0 - Denial of Service in Slicer Plugin

CVE-2021-31164 HIGH

Apache Unomi <1.5.5 - Info Disclosure

CVE-2021-28359 MEDIUM

Apache Airflow <1.10.15 & <2.0.2 - XSS

CVE-2021-30128 CRITICAL NUCLEI

Apache OFBiz <17.12.07 - Deserialization

CVE-2021-29200 CRITICAL NUCLEI

Apache OFBiz < 17.12.07 - Unauthenticated Remote Code Execution via Unsafe Deserialization

CVE-2021-30638 HIGH

Apache Tapestry <5.6.3, <5.7.0-5.7.1 - Info Disclosure

CVE-2021-28125 MEDIUM

Apache Superset <= 1.0.1 - Open Redirect

CVE-2021-26291 CRITICAL

Apache Maven < 3.8.1 - Repository Origin Validation Error via POM Dependency References

CVE-2021-30245 HIGH

Apache OpenOffice <4.1.8 - Code Injection

CVE-2021-27850 CRITICAL NUCLEI

Apache Tapestry 5.4.0-5.6.2 and 5.7.0 - Unauthenticated Remote Code Execution via Asset File URL Blacklist Bypass

CVE-2021-29943 CRITICAL

Apache Solr < 8.8.2 - Incorrect Authorization via ConfigurableInternodeAuthHadoopPlugin

Previous Page 53 of 117 Next

Products

http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy