apache
2,902 tracked vulnerabilities.
CVE-2021-25122
HIGH
Apache Tomcat <10.0.0,9.0.41,8.5.61 - Info Disclosure
Mar 01, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-26544
MEDIUM
Apache Livy 0.7.0-incubating - Cross-Site Scripting in Session Name
Feb 20, 2021
CVSS 5.4
EPSS 0.02
CVE-2021-26296
HIGH
Apache MyFaces 2.2.0-2.2.13, 2.3.0-2.3.7, 3.0.0-RC1 CSRF via Weak Token Generation
Feb 19, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-26697
MEDIUM
Apache Airflow 2.0.0 - Unauthenticated Improper Privilege Management via Experimental API Lineage Endpoint
Feb 17, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-26559
MEDIUM
Apache Airflow 2.0.0 - Improper Access Control in Configurations Endpoint
Feb 17, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-21315
HIGH
KEV, NUCLEI
systeminformation < 5.3.1 - OS Command Injection via Service Parameter Handling
Feb 16, 2021
CVSS 7.1
EPSS 0.94
CVE-2021-25646
HIGH
NUCLEI
Apache Druid < 0.20.0 - Authenticated Remote Code Execution via JavaScript Code Injection
Jan 29, 2021
CVSS 8.8
EPSS 0.94
CVE-2021-26118
HIGH
Apache ActiveMQ Artemis < 2.16.0 - Improper Access Control via OpenWire Advisory Message Creation
Jan 27, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-26117
HIGH
Apache ActiveMQ 5.15.0-5.15.13 and 5.16.0 - Improper Authentication via LDAP Anonymous Bind
Jan 27, 2021
CVSS 7.5
EPSS 0.10
CVE-2021-23901
CRITICAL
Apache Nutch < 1.18 - XML External Entity Injection in DmozParser
Jan 25, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-20190
HIGH
jackson-databind < 2.9.10.7 - Deserialization of Untrusted Data
Jan 19, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-24122
MEDIUM
Apache Tomcat 7.0.0-7.0.106, 8.5.0-8.5.59, 9.0.0.M1-9.0.39, 10.0.0-M1-10.0.0-M9 - JSP Source Code Disclosure
Jan 14, 2021
CVSS 5.9
EPSS 0.61
CVE-2021-23926
CRITICAL
Apache XMLBeans <= 2.6.0 - XML External Entity Injection
Jan 14, 2021
CVSS 9.1
EPSS 0.00
CVE-2020-13929
HIGH
Apache Zeppelin < 0.9.0 - Authentication Bypass
Sep 02, 2021
CVSS 7.5
EPSS 0.00
CVE-2020-9493
CRITICAL
Apache Chainsaw < 2.1.0 - Remote Code Execution via Deserialization
Jun 16, 2021
CVSS 9.8
EPSS 0.00
CVE-2020-35452
HIGH
Apache HTTP Server 2.4.0-2.4.46 - Out-of-bounds Write in mod_auth_digest via Digest Nonce
Jun 10, 2021
CVSS 7.3
EPSS 0.10
CVE-2020-13950
HIGH
Apache HTTP Server 2.4.41-2.4.46 - Denial of Service via Crafted Content-Length and Transfer-Encoding Headers
Jun 10, 2021
CVSS 7.5
EPSS 0.22
CVE-2020-13938
MEDIUM
Apache HTTP Server 2.4.0-2.4.46 - Unauthenticated Denial of Service via Local Stop Command
Jun 10, 2021
CVSS 5.5
EPSS 0.00
CVE-2020-17514
HIGH
Apache Fineract <1.5.0 - Info Disclosure
May 27, 2021
CVSS 7.4
EPSS 0.01
CVE-2020-17517
HIGH
Apache Ozone <1.1.0 - Info Disclosure
Apr 27, 2021
CVSS 7.5
EPSS 0.00
CVE-2020-23922
HIGH
giflib < 5.1.4 - Heap-Based Buffer Over-Read in DumpScreen2RGB
Apr 21, 2021
CVSS 7.1
EPSS 0.02
CVE-2020-1946
CRITICAL
Apache SpamAssassin < 3.4.5 - OS Command Injection via Rule Configuration Files
Mar 25, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-17525
HIGH
Subversion 1.9.0-1.10.6 - Denial of Service via Non-Existing Repository URL
Mar 17, 2021
CVSS 7.5
EPSS 0.18
CVE-2020-13924
HIGH
Apache Ambari < 2.6.2.2 - Path Traversal
Mar 17, 2021
CVSS 7.5
EPSS 0.01
CVE-2020-1926
MEDIUM
Apache Hive <2.3.8 - Info Disclosure
Mar 16, 2021
CVSS 5.9
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20