apache
3,096 tracked vulnerabilities.
CVE-2020-11984
CRITICAL
NUCLEI
Apache HTTP Server - Remote Code Execution
Aug 07, 2020
CVSS 9.8
EPSS 0.90
CVE-2020-13921
CRITICAL
Apache SkyWalking < 8.1.0 - SQL Injection via Wildcard Query
Aug 05, 2020
CVSS 9.8
EPSS 0.33
CVE-2020-13932
MEDIUM
Apache ActiveMQ Artemis 2.5.0-2.13.0 - Cross-Site Scripting via MQTT Client-ID or Topic Name
Jul 20, 2020
CVSS 6.1
EPSS 0.04
CVE-2020-9485
MEDIUM
Apache Airflow < 1.10.10 - Stored Cross-Site Scripting in Chart Pages
Jul 17, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-11983
MEDIUM
Apache Airflow < 1.10.10 - Authenticated Stored Cross-Site Scripting in RBAC UI
Jul 17, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-11982
CRITICAL
Apache Airflow < 1.10.10 - Remote Code Execution via CeleryExecutor Deserialization
Jul 17, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-11981
CRITICAL
NUCLEI
Apache Airflow < 1.10.10 - OS Command Injection via CeleryExecutor
Jul 17, 2020
CVSS 9.8
EPSS 0.34
CVE-2020-11978
HIGH
KEVNUCLEI
Apache Airflow < 1.10.11 - Authenticated Remote Code Execution via Example DAG
Jul 17, 2020
CVSS 8.8
EPSS 0.99
CVE-2020-9496
MEDIUM
NUCLEI
Apache OFBiz 17.12.03 - Deserialization of Untrusted Data and Cross-Site Scripting via XML-RPC Requests
Jul 15, 2020
CVSS 6.1
EPSS 0.99
CVE-2020-13923
MEDIUM
Apache OFBiz < 17.12.04 - Insecure Direct Object Reference in Ecommerce Order Processing
Jul 15, 2020
CVSS 5.3
EPSS 0.05
CVE-2020-13935
HIGH
NUCLEI
Apache Tomcat 7.0.27-7.0.104, 8.5.0-8.5.56, 9.0.0.M1-9.0.36, 10.0.0-M1-M6 DoS via WebSocket Frame Payload Length
Jul 14, 2020
CVSS 7.5
EPSS 0.88
CVE-2020-13934
HIGH
Apache Tomcat 8.5.1-8.5.56, 9.0.0.M5-9.0.36, 10.0.0-M1-10.0.0-M6 - Denial of Service via h2c Direct Connection
Jul 14, 2020
CVSS 7.5
EPSS 0.64
CVE-2020-1948
CRITICAL
Apache Dubbo < 2.7.7 - Remote Code Execution via Untrusted Data Deserialization
Jul 14, 2020
CVSS 9.8
EPSS 0.14
CVE-2020-13926
CRITICAL
Apache Kylin 2.0.0-3.0.9 - SQL Injection via REST API Configuration Overwrite
Jul 14, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-13925
CRITICAL
Apache Kylin 2.3.0-3.0.9 - OS Command Injection via RESTful API
Jul 14, 2020
CVSS 9.8
EPSS 0.20
CVE-2020-11994
HIGH
Apache Camel 2.22.0-2.22.5 - Server-Side Template Injection and Arbitrary File Disclosure
Jul 08, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-9498
MEDIUM
Apache Guacamole < 1.1.0 - Memory Corruption via RDP Static Virtual Channel
Jul 02, 2020
CVSS 6.7
EPSS 0.01
CVE-2020-9497
MEDIUM
Apache Guacamole < 1.1.0 - Information Disclosure via RDP Static Virtual Channel Data
Jul 02, 2020
CVSS 4.4
EPSS 0.01
CVE-2020-9483
HIGH
NUCLEI
Apache SkyWalking 6.0.0-6.6.0 - SQL Injection via GraphQL Metadata Query
Jun 30, 2020
CVSS 7.5
EPSS 0.35
CVE-2020-8022
HIGH
tomcat - Incorrect Default Permissions
Jun 29, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-11996
HIGH
Apache Tomcat <10.0.0-M6, <9.0.36, <8.5.56 - DoS
Jun 26, 2020
CVSS 7.5
EPSS 0.27
CVE-2020-10727
MEDIUM
ActiveMQ Artemis <2.12.0 - Info Disclosure
Jun 26, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-9494
HIGH
Apache Traffic Server < 6.2.3 - Resource Allocation Without Limits
Jun 24, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-9480
CRITICAL
NUCLEI
Apache Spark <= 2.4.5 - Unauthenticated Remote Code Execution via Standalone Resource Manager
Jun 23, 2020
CVSS 9.8
EPSS 0.29
CVE-2020-11989
CRITICAL
Apache Shiro < 1.5.3 - Authentication Bypass via Spring Dynamic Controllers
Jun 22, 2020
CVSS 9.8
EPSS 0.24
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters