apache
3,092 tracked vulnerabilities.
CVE-2021-27738
HIGH
Apache Kylin <3.1.2 - Coordinator API Access and Server-Side Request Forgery
Jan 06, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-36739
MEDIUM
Apache Pluto 3.1.0 - Cross-Site Scripting in MVCBean JSP Portlet Archetype
Jan 06, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-36738
MEDIUM
Apache Pluto < 3.1.1 - Cross-Site Scripting in Applicant MVCBean CDI Portlet
Jan 06, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-36737
MEDIUM
Apache Pluto < 3.1.1 - Cross-Site Scripting in UrlTestPortlet Input Fields
Jan 06, 2022
CVSS 6.1
EPSS 0.02
CVE-2021-40525
CRITICAL
Apache James <3.6.1 - Path Traversal
Jan 04, 2022
CVSS 9.1
EPSS 0.04
CVE-2021-40111
MEDIUM
Apache James < 3.6.1 - Authenticated Denial of Service via Crafted IMAP APPEND and STATUS Commands
Jan 04, 2022
CVSS 6.5
EPSS 0.02
CVE-2021-40110
HIGH
Apache James < 3.6.1 - Denial of Service via IMAP LIST Command Regular Expression
Jan 04, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-38542
MEDIUM
Apache James <3.6.1 - Command Injection
Jan 04, 2022
CVSS 5.9
EPSS 0.02
CVE-2021-34797
HIGH
Apache Geode < 1.12.4 and 1.13.4 - Sensitive Information Exposure in Log Files
Jan 04, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-44832
MEDIUM
Apache Log4j 2.0-beta7-2.17.0 - Remote Code Execution via JDBC Appender JNDI LDAP Data Source
Dec 28, 2021
CVSS 6.6
EPSS 0.98
CVE-2021-45232
CRITICAL
NUCLEI
Apache APISIX Dashboard < 2.10.1 - Unauthenticated API Access via Gin Framework Bypass
Dec 27, 2021
CVSS 9.8
EPSS 0.86
CVE-2021-44548
CRITICAL
Apache Solr < 8.11.1 - Path Traversal via DataImportHandler Windows UNC Path
Dec 23, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-44790
CRITICAL
Apache HTTP Server < 2.4.52 - Buffer Overflow in mod_lua Multipart Parser
Dec 20, 2021
CVSS 9.8
EPSS 0.97
CVE-2021-44224
HIGH
Apache HTTP Server 2.4.7-2.4.51 - NULL Pointer Dereference and Server-Side Request Forgery via Forward Proxy
Dec 20, 2021
CVSS 8.2
EPSS 0.82
CVE-2021-41561
HIGH
Apache Parquet-MR 1.9.0-1.11.1 and 1.12.0 - Denial of Service via Malicious Parquet File
Dec 20, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-43083
HIGH
Apache PLC4X - PLC4C <0.9.1 - Buffer Overflow
Dec 19, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-45105
MEDIUM
Apache Log4j 2.0-alpha1-2.16.0 - Denial of Service via Thread Context Map Self-Referential Lookup
Dec 18, 2021
CVSS 5.9
EPSS 1.00
CVE-2021-44145
MEDIUM
Apache NiFi < 1.15.1 - Authenticated Exposure of Sensitive Information via TransformXML Processor
Dec 17, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-45046
CRITICAL
KEVNUCLEI
Apache Log4j < 2.12.2 - Remote Code Execution
Dec 14, 2021
CVSS 9.0
EPSS 1.00
CVE-2021-44549
HIGH
Apache Sling Commons Messaging Mail < 2.0 - Improper Certificate Validation
Dec 14, 2021
CVSS 7.4
EPSS 0.02
CVE-2021-4104
HIGH
Apache Log4j 1.2 - Remote Code Execution via JMSAppender JNDI Requests
Dec 14, 2021
CVSS 7.5
EPSS 0.81
CVE-2021-44228
CRITICAL
KEVNUCLEI
Log4Shell HTTP Header Injection
Dec 10, 2021
CVSS 10.0
EPSS 1.00
CVE-2021-43410
MEDIUM
Apache Airavata Django Portal <3c5d8c7 - Log Injection
Dec 09, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-44140
CRITICAL
Apache JSPWiki < 2.11.0 - Arbitrary File Deletion via Logout Request
Nov 24, 2021
CVSS 9.1
EPSS 0.06
CVE-2021-40369
MEDIUM
Apache JSPWiki < 2.11.0 - Cross-Site Scripting via Denounce Plugin
Nov 24, 2021
CVSS 6.1
EPSS 0.03
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters