apache

3,095 tracked vulnerabilities.

CVE-2021-21351 MEDIUM NUCLEI
Oracle Banking Platform < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.4
EPSS 0.82
CVE-2021-21350 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.15
CVE-2021-21349 MEDIUM
Netapp Oncommand Insight < 5.15.14 - SSRF
Mar 23, 2021
CVSS 6.1
EPSS 0.47
CVE-2021-21348 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.14
CVE-2021-21347 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 6.1
EPSS 0.14
CVE-2021-21346 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 6.1
EPSS 0.76
CVE-2021-21345 MEDIUM NUCLEI
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.8
EPSS 0.72
CVE-2021-21344 MEDIUM
Netapp Oncommand Insight < 5.15.14 - Insecure Deserialization
Mar 23, 2021
CVSS 5.3
EPSS 0.76
CVE-2021-21343 MEDIUM
XStream <1.4.16 - Code Injection
Mar 23, 2021
CVSS 5.3
EPSS 0.47
CVE-2021-21342 MEDIUM
Netapp Oncommand Insight < 5.15.14 - SSRF
Mar 23, 2021
CVSS 5.3
EPSS 0.50
CVE-2021-21341 HIGH
NetApp OnCommand Insight - Denial of Service via XStream Deserialization
Mar 23, 2021
CVSS 7.5
EPSS 0.78
CVE-2021-26295 CRITICAL NUCLEI
Apache OFBiz SOAP Java Deserialization
Mar 22, 2021
CVSS 9.8
EPSS 0.98
CVE-2021-27906 MEDIUM
Apache PDFBox <2.0.22 - Memory Corruption
Mar 19, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-27807 MEDIUM
Apache PDFBox <2.0.22 - Info Disclosure
Mar 19, 2021
CVSS 5.5
EPSS 0.03
CVE-2021-27576 HIGH
Apache OpenMeetings 4.0.0-5.x - Denial of Service via NetTest Web Service
Mar 15, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-21295 MEDIUM
Netty < 4.1.60 - HTTP Request Smuggling via HTTP/2 to HTTP/1.1 Conversion
Mar 09, 2021
CVSS 5.9
EPSS 0.19
CVE-2021-27907 MEDIUM
Apache Superset <=0.38.0 - Stored XSS
Mar 05, 2021
CVSS 5.4
EPSS 0.86
CVE-2021-25329 HIGH
Apache Tomcat <10.0.0, 9.0.42+, 8.5.62+, 7.0.108+ - RCE
Mar 01, 2021
CVSS 7.0
EPSS 0.09
CVE-2021-25122 HIGH
Apache Tomcat <10.0.0,9.0.41,8.5.61 - Info Disclosure
Mar 01, 2021
CVSS 7.5
EPSS 0.18
CVE-2021-26544 MEDIUM
Apache Livy 0.7.0-incubating - Cross-Site Scripting in Session Name
Feb 20, 2021
CVSS 5.4
EPSS 0.03
CVE-2021-26296 HIGH
Apache MyFaces 2.2.0-2.2.13, 2.3.0-2.3.7, 3.0.0-RC1 CSRF via Weak Token Generation
Feb 19, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-26697 MEDIUM
Apache Airflow 2.0.0 - Unauthenticated Improper Privilege Management via Experimental API Lineage Endpoint
Feb 17, 2021
CVSS 5.3
EPSS 0.05
CVE-2021-26559 MEDIUM
Apache Airflow 2.0.0 - Improper Access Control in Configurations Endpoint
Feb 17, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-21315 HIGH KEVNUCLEI
systeminformation < 5.3.1 - OS Command Injection via Service Parameter Handling
Feb 16, 2021
CVSS 7.1
EPSS 0.90
CVE-2021-25646 HIGH NUCLEI
Apache Druid < 0.20.0 - Authenticated Remote Code Execution via JavaScript Code Injection
Jan 29, 2021
CVSS 8.8
EPSS 0.99