apache
3,095 tracked vulnerabilities.
CVE-2020-17513
MEDIUM
Apache Airflow < 1.10.13 - Server-Side Request Forgery via Charts and Query View
Dec 14, 2020
CVSS 5.3
EPSS 0.04
CVE-2020-17511
MEDIUM
Apache Airflow < 1.10.13 - Cleartext Storage of Sensitive Information in Log Table
Dec 14, 2020
CVSS 6.5
EPSS 0.03
CVE-2020-17515
MEDIUM
Apache Airflow < 1.10.15 - Cross-Site Scripting via Origin Parameter
Dec 11, 2020
CVSS 6.1
EPSS 0.16
CVE-2020-17530
CRITICAL
KEVNUCLEI
Apache Struts 2 Forced Multi OGNL Evaluation
Dec 11, 2020
CVSS 9.8
EPSS 0.96
CVE-2020-17529
CRITICAL
Apache NuttX <9.1.0, 10.0.0 - Memory Corruption
Dec 09, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-17528
CRITICAL
Apache NuttX <10.0.0 - Memory Corruption
Dec 09, 2020
CVSS 9.1
EPSS 0.03
CVE-2020-17531
CRITICAL
Apache Tapestry 4 - Deserialization
Dec 08, 2020
CVSS 9.8
EPSS 0.10
CVE-2020-17521
MEDIUM
Apache Groovy <4.0.0 - Info Disclosure
Dec 07, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-13945
MEDIUM
NUCLEI
Apache APISIX <1.6 - Privilege Escalation
Dec 07, 2020
CVSS 6.5
EPSS 0.73
CVE-2020-17527
HIGH
Apache Tomcat <10.0.0-M9, 9.0.39, 8.5.59 - Info Disclosure
Dec 03, 2020
CVSS 7.5
EPSS 0.25
CVE-2020-25649
HIGH
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
Dec 03, 2020
CVSS 7.5
EPSS 0.18
CVE-2020-13956
MEDIUM
Apache HttpClient <4.5.13, 5.0.3 - SSRF
Dec 02, 2020
CVSS 5.3
EPSS 0.09
CVE-2020-11990
LOW
Cordova (Android) - Info Disclosure
Dec 01, 2020
CVSS 3.3
EPSS 0.01
CVE-2020-27218
MEDIUM
Eclipse Jetty 9.4.0-9.4.34 - Sensitive Information Exposure via GZIP Request Body Reuse
Nov 28, 2020
CVSS 4.8
EPSS 0.08
CVE-2020-13942
CRITICAL
NUCLEI
Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
Nov 24, 2020
CVSS 9.8
EPSS 0.68
CVE-2020-13958
HIGH
Apache OpenOffice 4.0.0-4.1.7 - Unauthenticated Arbitrary Executable Execution via Hyperlink in Scripting Events
Nov 17, 2020
CVSS 7.8
EPSS 0.03
CVE-2020-26217
HIGH
NUCLEI
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
Nov 16, 2020
CVSS 8.0
EPSS 0.85
CVE-2020-13954
MEDIUM
Apache CXF < 3.3.8 - Reflected Cross-Site Scripting via styleSheetPath
Nov 12, 2020
CVSS 6.1
EPSS 0.43
CVE-2020-13927
CRITICAL
KEVNUCLEI
Apache Airflow < 1.10.11 - Unauthenticated Remote Code Execution via Experimental API
Nov 10, 2020
CVSS 9.8
EPSS 1.00
CVE-2020-17510
CRITICAL
Apache Shiro < 1.7.0 - Authentication Bypass via Crafted HTTP Request
Nov 05, 2020
CVSS 9.8
EPSS 0.09
CVE-2020-27216
HIGH
Eclipse Jetty <9.4.32.v20200930, 10.0.0.alpha1-11.0.0.beta2 - Info ...
Oct 23, 2020
CVSS 7.0
EPSS 0.04
CVE-2020-13937
MEDIUM
NUCLEI
Apache Kylin <4.0.0 - Info Disclosure
Oct 19, 2020
CVSS 5.3
EPSS 0.78
CVE-2020-13957
CRITICAL
Apache Solr 6.6.0-6.6.6 7.0.0-7.7.3 8.0.0-8.6.2 - Unauthenticated ConfigSet Upload Bypass
Oct 13, 2020
CVSS 9.8
EPSS 0.79
CVE-2020-15250
MEDIUM
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
Oct 12, 2020
CVSS 4.4
EPSS 0.02
CVE-2020-13943
MEDIUM
Apache Tomcat 10.0.0-M1-10.0.0-M7,9.0.0.M1-9.0.37,8.5.0-8.5.57 - In...
Oct 12, 2020
CVSS 4.3
EPSS 0.57
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters