apache
3,092 tracked vulnerabilities.
CVE-2022-29265
HIGH
Apache NiFi 0.0.1-1.16.0 - XML External Entity Injection in Standard Content Viewer and Processors
Apr 30, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-23942
HIGH
Apache Doris <1.0.0 - Info Disclosure
Apr 26, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-24706
CRITICAL
KEVNUCLEI
Apache Couchdb Erlang RCE
Apr 26, 2022
CVSS 9.8
EPSS 0.93
CVE-2022-29266
HIGH
Apache APISIX <3.13.1 - Info Disclosure
Apr 20, 2022
CVSS 7.5
EPSS 0.08
CVE-2022-27479
CRITICAL
Apache Superset < 1.4.2 - SQL Injection in Chart Data Requests
Apr 13, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-24070
HIGH
Subversion mod_dav_svn <1.14.1 - Memory Corruption
Apr 12, 2022
CVSS 7.5
EPSS 0.09
CVE-2022-26612
CRITICAL
Apache Hadoop < 3.2.3 - Arbitrary File Write via Symlink Bypass on Windows
Apr 07, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-26850
MEDIUM
Apache NiFi <1.16.0 - Info Disclosure
Apr 06, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-23974
HIGH
Apache Pinot < 0.10.0 - Denial of Service via Segment Upload Path
Apr 05, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25598
HIGH
Apache DolphinScheduler < 2.0.5 - Regular Expression Denial of Service in User Registration
Mar 30, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25757
CRITICAL
Apache APISIX < 2.13.0 - Request Body Validation Bypass via Duplicate JSON Keys
Mar 28, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-26779
HIGH
Apache CloudStack <4.16.1.0 - Info Disclosure
Mar 15, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-23943
CRITICAL
Apache HTTP Server <2.4.52 - Memory Corruption
Mar 14, 2022
CVSS 9.8
EPSS 0.50
CVE-2022-22721
CRITICAL
Apache HTTP Server < 2.4.52 - Integer Overflow via Large Request Body Handling
Mar 14, 2022
CVSS 9.1
EPSS 0.42
CVE-2022-22720
CRITICAL
Apache HTTP Server < 2.4.52 - HTTP Request Smuggling via Inbound Connection Handling
Mar 14, 2022
CVSS 9.8
EPSS 0.28
CVE-2022-22719
HIGH
Apache HTTP Server <2.4.52 - Memory Corruption
Mar 14, 2022
CVSS 7.5
EPSS 0.70
CVE-2022-25312
CRITICAL
Apache Any23 < 2.7 - XML External Entity Injection in RDFa XSLTStylesheet Extractor
Mar 05, 2022
CVSS 9.1
EPSS 0.03
CVE-2022-26336
MEDIUM
Apache POI <5.2.0 - Memory Corruption
Mar 04, 2022
CVSS 5.5
EPSS 0.02
CVE-2022-24948
MEDIUM
Apache JSPWiki < 2.11.2 - Stored Cross-Site Scripting via User Preferences Screen
Feb 25, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-24947
HIGH
Apache JSPWiki < 2.11.2 - Cross-Site Request Forgery in User Preferences Form
Feb 25, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-24288
HIGH
NUCLEI
Apache Airflow <2.2.4 - Command Injection
Feb 25, 2022
CVSS 8.8
EPSS 0.78
CVE-2022-24289
HIGH
Apache Cayenne <4.1 - Code Injection
Feb 11, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-24112
CRITICAL
KEVNUCLEI
APISIX Admin API default access token RCE
Feb 11, 2022
CVSS 9.8
EPSS 0.96
CVE-2022-22931
MEDIUM
Apache James < 3.6.2 - Path Traversal in Maildir Mailbox Store and Sieve File Repository
Feb 07, 2022
CVSS 4.3
EPSS 0.02
CVE-2022-23206
HIGH
Apache Traffic Control < 5.1.6 and 6.0.0-6.1.0 - Server-Side Request Forgery via OAuth Login Endpoint
Feb 06, 2022
CVSS 7.5
EPSS 0.02
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters