apache
2,902 tracked vulnerabilities.
CVE-2021-29425
MEDIUM
Apache Commons IO - Path Traversal via FileNameUtils.normalize
Apr 13, 2021
CVSS 4.8
EPSS 0.00
CVE-2021-29262
HIGH
Apache Solr < 8.8.2 - Insufficiently Protected Credentials in ZkACLProvider
Apr 13, 2021
CVSS 7.5
EPSS 0.26
CVE-2021-27905
CRITICAL
NUCLEI
Apache Solr < 8.8.2 - Server-Side Request Forgery via ReplicationHandler masterUrl Parameter
Apr 13, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-22696
HIGH
Apache CXF < 3.3.10 and 3.4.0-3.4.3 - Server-Side Request Forgery via OAuth 2 request_uri Parameter
Apr 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-28163
LOW
NetApp Cloud Manager - Exposure of Sensitive Information via Symlink Webapps Directory
Apr 01, 2021
CVSS 2.7
EPSS 0.00
CVE-2021-28657
MEDIUM
Apache Tika <= 1.25 - Denial of Service via MP3 Parser Infinite Loop
Mar 31, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-26919
HIGH
Apache Druid < 0.20.2 - Remote Code Execution via MySQL JDBC Driver Properties
Mar 30, 2021
CVSS 8.8
EPSS 0.79
CVE-2021-21351
MEDIUM
NUCLEI
Oracle Banking Platform < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.4
EPSS 0.92
CVE-2021-21350
MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.09
CVE-2021-21349
MEDIUM
NetApp OnCommand Insight < 5.15.14 - SSRF
Mar 23, 2021
CVSS 6.1
EPSS 0.07
CVE-2021-21348
MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-21347
MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-21346
MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 6.1
EPSS 0.04
CVE-2021-21345
MEDIUM
NUCLEI
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.8
EPSS 0.88
CVE-2021-21344
MEDIUM
NetApp OnCommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.31
CVE-2021-21343
MEDIUM
XStream <1.4.16 - Code Injection
Mar 23, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-21342
MEDIUM
NetApp OnCommand Insight < 5.15.14 - SSRF
Mar 23, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-21341
HIGH
NetApp OnCommand Insight - Denial of Service via XStream Deserialization
Mar 23, 2021
CVSS 7.5
EPSS 0.27
CVE-2021-26295
CRITICAL
NUCLEI
Apache OFBiz SOAP Java Deserialization
Mar 22, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-27906
MEDIUM
Apache PDFBox <2.0.22 - Memory Corruption
Mar 19, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-27807
MEDIUM
Apache PDFBox <2.0.22 - Info Disclosure
Mar 19, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-27576
HIGH
Apache OpenMeetings 4.0.0-5.x - Denial of Service via NetTest Web Service
Mar 15, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-21295
MEDIUM
Netty < 4.1.60 - HTTP Request Smuggling via HTTP/2 to HTTP/1.1 Conversion
Mar 09, 2021
CVSS 5.9
EPSS 0.00
CVE-2021-27907
MEDIUM
Apache Superset <=0.38.0 - Stored XSS
Mar 05, 2021
CVSS 5.4
EPSS 0.03
CVE-2021-25329
HIGH
Apache Tomcat <10.0.0, 9.0.42+, 8.5.62+, 7.0.108+ - RCE
Mar 01, 2021
CVSS 7.0
EPSS 0.01
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20