apache
2,902 tracked vulnerabilities.
CVE-2020-13927
CRITICAL
KEV
NUCLEI
Apache Airflow < 1.10.11 - Unauthenticated Remote Code Execution via Experimental API
Nov 10, 2020
CVSS 9.8
EPSS 0.94
CVE-2020-17510
CRITICAL
Apache Shiro < 1.7.0 - Authentication Bypass via Crafted HTTP Request
Nov 05, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-27216
HIGH
Eclipse Jetty <9.4.32.v20200930, 10.0.0.alpha1-11.0.0.beta2 - Info ...
Oct 23, 2020
CVSS 7.0
EPSS 0.00
CVE-2020-13937
MEDIUM
NUCLEI
Apache Kylin <4.0.0 - Info Disclosure
Oct 19, 2020
CVSS 5.3
EPSS 0.93
CVE-2020-13957
CRITICAL
Apache Solr 6.6.0-6.6.6, 7.0.0-7.7.3, 8.0.0-8.6.2 - Unauthenticated ConfigSet Upload Bypass
Oct 13, 2020
CVSS 9.8
EPSS 0.85
CVE-2020-15250
MEDIUM
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
Oct 12, 2020
CVSS 4.4
EPSS 0.00
CVE-2020-13943
MEDIUM
Apache Tomcat 10.0.0-M1-10.0.0-M7,9.0.0.M1-9.0.37,8.5.0-8.5.57 - In...
Oct 12, 2020
CVSS 4.3
EPSS 0.10
CVE-2020-13955
MEDIUM
Apache Calcite < 1.26 - Improper Certificate Validation in HttpUtils#getURLConnection
Oct 09, 2020
CVSS 5.9
EPSS 0.01
CVE-2020-9491
HIGH
Apache NiFi 1.2.0-1.11.4 - Use of a Broken or Risky Cryptographic Algorithm
Oct 01, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-9487
HIGH
Apache NiFi 1.0.0-1.11.4 - Unauthenticated Denial of Service via Download Token Flooding
Oct 01, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-9486
HIGH
Apache NiFi 1.10.0-1.11.4 - Sensitive Information Disclosure in Stateless Execution Engine Logs
Oct 01, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-13940
MEDIUM
Apache NiFi 1.0.0-1.11.4 - XML External Entity Injection via Malicious XML Configuration
Oct 01, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-11979
HIGH
Apache Ant <1.10.8 - Code Injection
Oct 01, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-13952
HIGH
Apache Superset < 0.37.2 - Authenticated Information Disclosure and Security Bypass
Sep 30, 2020
CVSS 8.1
EPSS 0.00
CVE-2020-13953
MEDIUM
Apache Tapestry <5.5.0 - Info Disclosure
Sep 30, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-13951
HIGH
Apache OpenMeetings 4.0.0-5.0.0 - Denial of Service via NetTest Web Service
Sep 30, 2020
CVSS 7.5
EPSS 0.73
CVE-2020-13944
MEDIUM
Apache Airflow < 1.10.12 - Cross-Site Scripting via Origin Parameter
Sep 17, 2020
CVSS 6.1
EPSS 0.17
CVE-2020-13948
HIGH
Apache Superset <0.37.1 - Privilege Escalation
Sep 17, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-13928
MEDIUM
Apache Atlas < 2.1.0 - Stored Cross-Site Scripting via Search and Element Rendering
Sep 16, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-11977
HIGH
Apache Syncope 2.1.0-2.1.6 - Authenticated Remote Code Execution via Flowable Shell Service Task
Sep 15, 2020
CVSS 7.2
EPSS 0.01
CVE-2020-11991
HIGH
NUCLEI
Apache Cocoon 2.1.12 - XML Injection
Sep 11, 2020
CVSS 7.5
EPSS 0.93
CVE-2020-13920
MEDIUM
Apache ActiveMQ < 5.15.12 - Unauthenticated JMX RMI Registry Manipulation
Sep 10, 2020
CVSS 5.9
EPSS 0.00
CVE-2020-11998
CRITICAL
Apache ActiveMQ JMX RMIConnectorServer - Remote Code Execution
Sep 10, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-11986
CRITICAL
Apache NetBeans <12.0 - Code Injection
Sep 09, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-13946
MEDIUM
Apache Cassandra < 2.1.22, 2.2.18, 3.0.22, 3.11.8, 4.0-beta2 - Credential Exposure via JMX RMI
Sep 01, 2020
CVSS 5.9
EPSS 0.00
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20