apache
3,092 tracked vulnerabilities.
CVE-2021-32609
MEDIUM
Apache Superset <= 1.1 - Stored Cross-Site Scripting in Explore Page Chart Title
Oct 18, 2021
CVSS 5.4
EPSS 0.02
CVE-2021-42340
HIGH
Apache Tomcat 8.5.60-8.5.71, 9.0.40-9.0.53, 10.0.0-M1-10.0.11, 10.1.0-M1-10.1.0-M5 Memory Leak via WebSocket
Oct 14, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-38295
HIGH
Apache CouchDB - Privilege Escalation
Oct 14, 2021
CVSS 7.3
EPSS 0.02
CVE-2021-42009
MEDIUM
Apache Traffic Control < 5.1.3 - Authenticated Arbitrary Email Spoofing via Delivery Service Request Endpoint
Oct 12, 2021
CVSS 4.3
EPSS 0.03
CVE-2021-41832
HIGH
Apache OpenOffice < 4.1.11 - Cryptographic Signature Verification Bypass
Oct 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-41831
MEDIUM
Apache OpenOffice < 4.1.11 - Cryptographic Signature Timestamp Manipulation
Oct 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-41830
HIGH
Apache OpenOffice < 4.1.11 - Cryptographic Signature Verification Bypass
Oct 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-42013
CRITICAL
KEVNUCLEI
Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
Oct 07, 2021
CVSS 9.8
EPSS 1.00
CVE-2021-40439
MEDIUM
Apache OpenOffice < 4.1.10 - XML External Entity Injection via Crafted ODF Files
Oct 07, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-28129
HIGH
Apache OpenOffice <4.1.8 - Info Disclosure
Oct 07, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-41773
CRITICAL
KEVNUCLEI
Apache 2.4.49/2.4.50 Traversal RCE
Oct 05, 2021
CVSS 9.8
EPSS 1.00
CVE-2021-41524
HIGH
Apache HTTP Server 2.4.49 - Denial of Service via HTTP/2 Request Processing
Oct 05, 2021
CVSS 7.5
EPSS 0.25
CVE-2021-41616
CRITICAL
Apache DB DdlUtils 1.0 - Deserialization of Untrusted Data via BinaryObjectsHelper
Sep 30, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-36749
MEDIUM
NUCLEI
Apache Druid < 0.22.0 - Authenticated Arbitrary File Read via HTTP InputSource
Sep 24, 2021
CVSS 6.5
EPSS 0.81
CVE-2021-33035
HIGH
Apache OpenOffice <= 4.1.10 - Remote Code Execution via DBF Field Size Overflow
Sep 23, 2021
CVSS 7.8
EPSS 0.51
CVE-2021-38153
MEDIUM
Apache Kafka <2.8.1-2.8.0 - Timing Attack
Sep 22, 2021
CVSS 5.9
EPSS 0.06
CVE-2021-40690
HIGH
Apache Santuario XML Security for Java < 2.1.7 - Sensitive Information Exposure via XPath Transform
Sep 19, 2021
CVSS 7.5
EPSS 0.11
CVE-2021-41303
CRITICAL
Apache Shiro < 1.8.0 - Authentication Bypass via Spring Boot Integration
Sep 17, 2021
CVSS 9.8
EPSS 0.77
CVE-2021-41079
HIGH
Apache Tomcat 8.5.0-8.5.63 9.0.0-M1-9.0.43 10.0.0-M1-10.0.2 - Denial of Service via TLS Packet Validation Bypass
Sep 16, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-40438
CRITICAL
KEVNUCLEI
Apache HTTP Server <2.4.48 - SSRF
Sep 16, 2021
CVSS 9.0
EPSS 1.00
CVE-2021-39275
CRITICAL
Apache HTTP Server < 2.4.49 - Out-of-bounds Write in ap_escape_quotes()
Sep 16, 2021
CVSS 9.8
EPSS 0.36
CVE-2021-39239
HIGH
Apache Jena < 4.1.0 - XML External Entity Injection
Sep 16, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-36160
HIGH
Apache HTTP Server 2.4.30-2.4.48 - Denial of Service via mod_proxy_uwsgi URI Path
Sep 16, 2021
CVSS 7.5
EPSS 0.63
CVE-2021-34798
HIGH
Apache HTTP Server < 2.4.48 - NULL Pointer Dereference
Sep 16, 2021
CVSS 7.5
EPSS 0.65
CVE-2021-40146
CRITICAL
Apache Any23 < 2.5 - Remote Code Execution in YAMLExtractor
Sep 11, 2021
CVSS 9.8
EPSS 0.06
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
geode 23
spark 22
wicket 22
zeppelin 22
ranger 21
Quick Filters