apache
3,095 tracked vulnerabilities.
CVE-2021-30181
CRITICAL
Apache Dubbo 2.5.0-2.6.8 and 2.5.0-2.7.8 - Remote Code Execution via Script Routing Rule Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.61
CVE-2021-30180
CRITICAL
Apache Dubbo < 2.7.10 - Remote Code Execution via Tag Routing YAML Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.60
CVE-2021-30179
CRITICAL
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.8, 2.7.0-2.7.9 - Deserialization of Untrusted Data via GenericFilter
Jun 01, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-25641
CRITICAL
Apache Dubbo 2.5.0-2.6.8 & 2.7.0-2.7.7 Unauthenticated Deserialization via Serialization ID Tampering
Jun 01, 2021
CVSS 9.8
EPSS 0.18
CVE-2021-25640
MEDIUM
Apache Dubbo 2.5.0-2.6.8 and 2.7.0-2.7.9 - Server-Side Request Forgery via parseURL Host Check Bypass
Jun 01, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-22160
CRITICAL
Apache Pulsar < 2.7.1 and 2.7.2 - Unauthenticated Authentication Bypass via JWT None Algorithm
May 26, 2021
CVSS 9.8
EPSS 0.53
CVE-2021-23937
HIGH
Apache Wicket 6.0.0-6.2.0, 7.0.0-7.17.0, 8.0.0-8.11.0, 9.0.0-9.2.0 DNS Amplification via X-Forwarded-For
May 25, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-27737
HIGH
Apache Traffic Server 9.0.0 - Denial of Service in Slicer Plugin
May 14, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-31164
HIGH
Apache Unomi <1.5.5 - Info Disclosure
May 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-28359
MEDIUM
Apache Airflow <1.10.15 & <2.0.2 - XSS
May 02, 2021
CVSS 6.1
EPSS 0.14
CVE-2021-30128
CRITICAL
NUCLEI
Apache OFBiz <17.12.07 - Deserialization
Apr 27, 2021
CVSS 9.8
EPSS 0.81
CVE-2021-29200
CRITICAL
NUCLEI
Apache OFBiz < 17.12.07 - Unauthenticated Remote Code Execution via Unsafe Deserialization
Apr 27, 2021
CVSS 9.8
EPSS 0.55
CVE-2021-30638
HIGH
Apache Tapestry <5.6.3, <5.7.0-5.7.1 - Info Disclosure
Apr 27, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-28125
MEDIUM
Apache Superset <= 1.0.1 - Open Redirect
Apr 27, 2021
CVSS 6.1
EPSS 0.64
CVE-2021-26291
CRITICAL
Apache Maven < 3.8.1 - Repository Origin Validation Error via POM Dependency References
Apr 23, 2021
CVSS 9.1
EPSS 0.09
CVE-2021-30245
HIGH
Apache OpenOffice <4.1.8 - Code Injection
Apr 15, 2021
CVSS 8.8
EPSS 0.05
CVE-2021-27850
CRITICAL
NUCLEI
Apache Tapestry 5.4.0-5.6.2 and 5.7.0 - Unauthenticated Remote Code Execution via Asset File URL Blacklist Bypass
Apr 15, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-29943
CRITICAL
Apache Solr < 8.8.2 - Incorrect Authorization via ConfigurableInternodeAuthHadoopPlugin
Apr 13, 2021
CVSS 9.1
EPSS 0.05
CVE-2021-29425
MEDIUM
Apache Commons IO - Path Traversal via FileNameUtils.normalize
Apr 13, 2021
CVSS 4.8
EPSS 0.11
CVE-2021-29262
HIGH
Apache Solr < 8.8.2 - Insufficiently Protected Credentials in ZkACLProvider
Apr 13, 2021
CVSS 7.5
EPSS 0.08
CVE-2021-27905
CRITICAL
NUCLEI
Apache Solr < 8.8.2 - Server-Side Request Forgery via ReplicationHandler masterUrl Parameter
Apr 13, 2021
CVSS 9.8
EPSS 0.93
CVE-2021-22696
HIGH
Apache CXF < 3.3.10 and 3.4.0-3.4.3 - Server-Side Request Forgery via OAuth 2 request_uri Parameter
Apr 02, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-28163
LOW
NetApp Cloud Manager - Exposure of Sensitive Information via Symlink Webapps Directory
Apr 01, 2021
CVSS 2.7
EPSS 0.04
CVE-2021-28657
MEDIUM
Apache Tika <= 1.25 - Denial of Service via MP3 Parser Infinite Loop
Mar 31, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-26919
HIGH
Apache Druid < 0.20.2 - Remote Code Execution via MySQL JDBC Driver Properties
Mar 30, 2021
CVSS 8.8
EPSS 0.23
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters