apache
2,902 tracked vulnerabilities.
CVE-2020-13933
HIGH
Apache Shiro < 1.6.0 - Authentication Bypass via Specially Crafted HTTP Request
Aug 17, 2020
CVSS 7.5
EPSS 0.81
CVE-2020-13941
HIGH
Apache Solr < 8.6.0 - Unauthenticated Arbitrary File Read and Write via Replication Handler Location Parameter
Aug 17, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-11976
HIGH
Apache Wicket < 9.0.0-M5 - Info Disclosure
Aug 11, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-9490
HIGH
Apache HTTP Server 2.4.20-2.4.43 - Denial of Service via Crafted Cache-Digest Header
Aug 07, 2020
CVSS 7.5
EPSS 0.73
CVE-2020-11993
HIGH
Apache HTTP Server 2.4.20-2.4.43 - HTTP Request Smuggling via HTTP/2 Module Logging
Aug 07, 2020
CVSS 7.5
EPSS 0.33
CVE-2020-11985
MEDIUM
Apache HTTP Server 2.4.1-2.4.23 - IP Address Spoofing via mod_remoteip and mod_rewrite
Aug 07, 2020
CVSS 5.3
EPSS 0.15
CVE-2020-11984
CRITICAL
NUCLEI
Apache HTTP Server - Remote Code Execution
Aug 07, 2020
CVSS 9.8
EPSS 0.76
CVE-2020-13921
CRITICAL
Apache SkyWalking < 8.1.0 - SQL Injection via Wildcard Query
Aug 05, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-13932
MEDIUM
Apache ActiveMQ Artemis 2.5.0-2.13.0 - Cross-Site Scripting via MQTT Client-ID or Topic Name
Jul 20, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-9485
MEDIUM
Apache Airflow < 1.10.10 - Stored Cross-Site Scripting in Chart Pages
Jul 17, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-11983
MEDIUM
Apache Airflow < 1.10.10 - Authenticated Stored Cross-Site Scripting in RBAC UI
Jul 17, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-11982
CRITICAL
Apache Airflow < 1.10.10 - Remote Code Execution via CeleryExecutor Deserialization
Jul 17, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-11981
CRITICAL
NUCLEI
Apache Airflow < 1.10.10 - OS Command Injection via CeleryExecutor
Jul 17, 2020
CVSS 9.8
EPSS 0.92
CVE-2020-11978
HIGH
KEV NUCLEI
Apache Airflow < 1.10.11 - Authenticated Remote Code Execution via Example DAG
Jul 17, 2020
CVSS 8.8
EPSS 0.94
CVE-2020-9496
MEDIUM
NUCLEI
Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests
Jul 15, 2020
CVSS 6.1
EPSS 0.94
CVE-2020-13923
MEDIUM
Apache OFBiz < 17.12.04 - Insecure Direct Object Reference in Ecommerce Order Processing
Jul 15, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-13935
HIGH
NUCLEI
Apache Tomcat 7.0.27-7.0.104, 8.5.0-8.5.56, 9.0.0.M1-9.0.36, 10.0.0-M1-M6 - DoS via WebSocket Frame Payload Length
Jul 14, 2020
CVSS 7.5
EPSS 0.92
CVE-2020-13934
HIGH
Apache Tomcat 8.5.1-8.5.56, 9.0.0.M5-9.0.36, 10.0.0-M1-10.0.0-M6 - Denial of Service via h2c Direct Connection
Jul 14, 2020
CVSS 7.5
EPSS 0.23
CVE-2020-1948
CRITICAL
Apache Dubbo < 2.7.7 - Remote Code Execution via Untrusted Data Deserialization
Jul 14, 2020
CVSS 9.8
EPSS 0.64
CVE-2020-13926
CRITICAL
Apache Kylin 2.0.0-3.0.9 - SQL Injection via REST API Configuration Overwrite
Jul 14, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-13925
CRITICAL
Apache Kylin 2.3.0-3.0.9 - OS Command Injection via RESTful API
Jul 14, 2020
CVSS 9.8
EPSS 0.85
CVE-2020-11994
HIGH
Apache Camel 2.22.0-2.22.5 - Server-Side Template Injection and Arbitrary File Disclosure
Jul 08, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-9498
MEDIUM
Apache Guacamole < 1.1.0 - Memory Corruption via RDP Static Virtual Channel
Jul 02, 2020
CVSS 6.7
EPSS 0.00
CVE-2020-9497
MEDIUM
Apache Guacamole < 1.1.0 - Information Disclosure via RDP Static Virtual Channel Data
Jul 02, 2020
CVSS 4.4
EPSS 0.00
CVE-2020-9483
HIGH
NUCLEI
Apache SkyWalking 6.0.0-6.6.0 - SQL Injection via GraphQL Metadata Query
Jun 30, 2020
CVSS 7.5
EPSS 0.94
Products
http_server 317
tomcat 254
airflow 120
struts 90
traffic_server 82
ofbiz 74
superset 68
openoffice 60
activemq 57
subversion 47
cxf 46
nifi 46
solr 46
cloudstack 45
camel 40
hadoop 37
inlong 32
openmeetings 28
dolphinscheduler 27
ambari 26
tika 25
jspwiki 24
geode 23
spark 22
wicket 22
zeppelin 22
kylin 21
ranger 21
archiva 20
couchdb 20