apache
3,095 tracked vulnerabilities.
CVE-2021-21351
MEDIUM
NUCLEI
Oracle Banking Platform < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.4
EPSS 0.82
CVE-2021-21350
MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.15
CVE-2021-21349
MEDIUM
Netapp Oncommand Insight < 5.15.14 - SSRF
Mar 23, 2021
CVSS 6.1
EPSS 0.47
CVE-2021-21348
MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.14
CVE-2021-21347
MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 6.1
EPSS 0.14
CVE-2021-21346
MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 6.1
EPSS 0.76
CVE-2021-21345
MEDIUM
NUCLEI
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.8
EPSS 0.72
CVE-2021-21344
MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.76
CVE-2021-21343
MEDIUM
XStream <1.4.16 - Code Injection
Mar 23, 2021
CVSS 5.3
EPSS 0.47
CVE-2021-21342
MEDIUM
Netapp Oncommand Insight < 5.15.14 - SSRF
Mar 23, 2021
CVSS 5.3
EPSS 0.50
CVE-2021-21341
HIGH
NetApp OnCommand Insight - Denial of Service via XStream Deserialization
Mar 23, 2021
CVSS 7.5
EPSS 0.78
CVE-2021-26295
CRITICAL
NUCLEI
Apache OFBiz SOAP Java Deserialization
Mar 22, 2021
CVSS 9.8
EPSS 0.98
CVE-2021-27906
MEDIUM
Apache PDFBox <2.0.22 - Memory Corruption
Mar 19, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-27807
MEDIUM
Apache PDFBox <2.0.22 - Info Disclosure
Mar 19, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-27576
HIGH
Apache OpenMeetings 4.0.0-5.x - Denial of Service via NetTest Web Service
Mar 15, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-21295
MEDIUM
Netty < 4.1.60 - HTTP Request Smuggling via HTTP/2 to HTTP/1.1 Conversion
Mar 09, 2021
CVSS 5.9
EPSS 0.19
CVE-2021-27907
MEDIUM
Apache Superset <=0.38.0 - Stored XSS
Mar 05, 2021
CVSS 5.4
EPSS 0.86
CVE-2021-25329
HIGH
Apache Tomcat <10.0.0, 9.0.42+, 8.5.62+, 7.0.108+ - RCE
Mar 01, 2021
CVSS 7.0
EPSS 0.09
CVE-2021-25122
HIGH
Apache Tomcat <10.0.0,9.0.41,8.5.61 - Info Disclosure
Mar 01, 2021
CVSS 7.5
EPSS 0.18
CVE-2021-26544
MEDIUM
Apache Livy 0.7.0-incubating - Cross-Site Scripting in Session Name
Feb 20, 2021
CVSS 5.4
EPSS 0.03
CVE-2021-26296
HIGH
Apache MyFaces 2.2.0-2.2.13, 2.3.0-2.3.7, 3.0.0-RC1 CSRF via Weak Token Generation
Feb 19, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-26697
MEDIUM
Apache Airflow 2.0.0 - Unauthenticated Improper Privilege Management via Experimental API Lineage Endpoint
Feb 17, 2021
CVSS 5.3
EPSS 0.05
CVE-2021-26559
MEDIUM
Apache Airflow 2.0.0 - Improper Access Control in Configurations Endpoint
Feb 17, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-21315
HIGH
KEVNUCLEI
systeminformation < 5.3.1 - OS Command Injection via Service Parameter Handling
Feb 16, 2021
CVSS 7.1
EPSS 0.90
CVE-2021-25646
HIGH
NUCLEI
Apache Druid < 0.20.0 - Authenticated Remote Code Execution via JavaScript Code Injection
Jan 29, 2021
CVSS 8.8
EPSS 0.99
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters