apache

3,095 tracked vulnerabilities.

CVE-2021-30181 CRITICAL
Apache Dubbo 2.5.0-2.6.8 and 2.5.0-2.7.8 - Remote Code Execution via Script Routing Rule Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.61
CVE-2021-30180 CRITICAL
Apache Dubbo < 2.7.10 - Remote Code Execution via Tag Routing YAML Parsing
Jun 01, 2021
CVSS 9.8
EPSS 0.60
CVE-2021-30179 CRITICAL
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.8, 2.7.0-2.7.9 - Deserialization of Untrusted Data via GenericFilter
Jun 01, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-25641 CRITICAL
Apache Dubbo 2.5.0-2.6.8 & 2.7.0-2.7.7 Unauthenticated Deserialization via Serialization ID Tampering
Jun 01, 2021
CVSS 9.8
EPSS 0.18
CVE-2021-25640 MEDIUM
Apache Dubbo 2.5.0-2.6.8 and 2.7.0-2.7.9 - Server-Side Request Forgery via parseURL Host Check Bypass
Jun 01, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-22160 CRITICAL
Apache Pulsar < 2.7.1 and 2.7.2 - Unauthenticated Authentication Bypass via JWT None Algorithm
May 26, 2021
CVSS 9.8
EPSS 0.53
CVE-2021-23937 HIGH
Apache Wicket 6.0.0-6.2.0, 7.0.0-7.17.0, 8.0.0-8.11.0, 9.0.0-9.2.0 DNS Amplification via X-Forwarded-For
May 25, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-27737 HIGH
Apache Traffic Server 9.0.0 - Denial of Service in Slicer Plugin
May 14, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-31164 HIGH
Apache Unomi <1.5.5 - Info Disclosure
May 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-28359 MEDIUM
Apache Airflow <1.10.15 & <2.0.2 - XSS
May 02, 2021
CVSS 6.1
EPSS 0.14
CVE-2021-30128 CRITICAL NUCLEI
Apache OFBiz <17.12.07 - Deserialization
Apr 27, 2021
CVSS 9.8
EPSS 0.81
CVE-2021-29200 CRITICAL NUCLEI
Apache OFBiz < 17.12.07 - Unauthenticated Remote Code Execution via Unsafe Deserialization
Apr 27, 2021
CVSS 9.8
EPSS 0.55
CVE-2021-30638 HIGH
Apache Tapestry <5.6.3, <5.7.0-5.7.1 - Info Disclosure
Apr 27, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-28125 MEDIUM
Apache Superset <= 1.0.1 - Open Redirect
Apr 27, 2021
CVSS 6.1
EPSS 0.64
CVE-2021-26291 CRITICAL
Apache Maven < 3.8.1 - Repository Origin Validation Error via POM Dependency References
Apr 23, 2021
CVSS 9.1
EPSS 0.09
CVE-2021-30245 HIGH
Apache OpenOffice <4.1.8 - Code Injection
Apr 15, 2021
CVSS 8.8
EPSS 0.05
CVE-2021-27850 CRITICAL NUCLEI
Apache Tapestry 5.4.0-5.6.2 and 5.7.0 - Unauthenticated Remote Code Execution via Asset File URL Blacklist Bypass
Apr 15, 2021
CVSS 9.8
EPSS 0.94
CVE-2021-29943 CRITICAL
Apache Solr < 8.8.2 - Incorrect Authorization via ConfigurableInternodeAuthHadoopPlugin
Apr 13, 2021
CVSS 9.1
EPSS 0.05
CVE-2021-29425 MEDIUM
Apache Commons IO - Path Traversal via FileNameUtils.normalize
Apr 13, 2021
CVSS 4.8
EPSS 0.11
CVE-2021-29262 HIGH
Apache Solr < 8.8.2 - Insufficiently Protected Credentials in ZkACLProvider
Apr 13, 2021
CVSS 7.5
EPSS 0.08
CVE-2021-27905 CRITICAL NUCLEI
Apache Solr < 8.8.2 - Server-Side Request Forgery via ReplicationHandler masterUrl Parameter
Apr 13, 2021
CVSS 9.8
EPSS 0.93
CVE-2021-22696 HIGH
Apache CXF < 3.3.10 and 3.4.0-3.4.3 - Server-Side Request Forgery via OAuth 2 request_uri Parameter
Apr 02, 2021
CVSS 7.5
EPSS 0.07
CVE-2021-28163 LOW
NetApp Cloud Manager - Exposure of Sensitive Information via Symlink Webapps Directory
Apr 01, 2021
CVSS 2.7
EPSS 0.04
CVE-2021-28657 MEDIUM
Apache Tika <= 1.25 - Denial of Service via MP3 Parser Infinite Loop
Mar 31, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-26919 HIGH
Apache Druid < 0.20.2 - Remote Code Execution via MySQL JDBC Driver Properties
Mar 30, 2021
CVSS 8.8
EPSS 0.23