apache
3,096 tracked vulnerabilities.
CVE-2020-1954
MEDIUM
Apache CXF < 3.2.13 - Man-in-the-Middle Attack via JMX InstrumentationManager
Apr 01, 2020
CVSS 5.3
EPSS 0.06
CVE-2020-1934
MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - Use of Uninitialized Resource in mod_proxy_ftp
Apr 01, 2020
CVSS 5.3
EPSS 0.52
CVE-2020-1949
MEDIUM
Sling CMS < 0.16.0 - Reflected Cross-Site Scripting via Sling Selector
Apr 01, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-1943
MEDIUM
NUCLEI
Apache OFBiz 16.11.01-16.11.07 - Cross-Site Scripting via Unsanitized contentId Parameter
Apr 01, 2020
CVSS 6.1
EPSS 0.97
CVE-2020-1957
CRITICAL
Apache Shiro < 1.5.2 - Authentication Bypass via Spring Dynamic Controllers
Mar 25, 2020
CVSS 9.8
EPSS 0.24
CVE-2020-1944
CRITICAL
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.8, 8.0.0-8.0.5 - HTTP Request Smuggling
Mar 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-1951
MEDIUM
Apache Tika 1.0-1.23 - Denial of Service via Crafted PSD File
Mar 23, 2020
CVSS 5.5
EPSS 0.03
CVE-2020-1950
MEDIUM
Apache Tika 1.0-1.23 - Uncontrolled Resource Consumption in PSDParser
Mar 23, 2020
CVSS 5.5
EPSS 0.03
CVE-2020-1953
CRITICAL
Apache Commons Configuration <2.7 - Code Injection
Mar 13, 2020
CVSS 10.0
EPSS 0.07
CVE-2020-1947
CRITICAL
Apache ShardingSphere 4.0.0-RC3-4.0.0 - Remote Code Execution via SnakeYAML Deserialization
Mar 11, 2020
CVSS 9.8
EPSS 0.34
CVE-2020-1938
CRITICAL
KEVNUCLEI
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.0.30 - Remote Code Execution via AJP File Read and JSP Processing
Feb 24, 2020
CVSS 9.8
EPSS 0.99
CVE-2020-1935
MEDIUM
Apache Tomcat 7.0.0-7.0.99, 8.5.0-8.5.50, 9.0.0.M1-9.0.30 - HTTP Request Smuggling via Invalid Transfer-Encoding Header
Feb 24, 2020
CVSS 4.8
EPSS 0.09
CVE-2020-1937
HIGH
Apache Kylin 2.3.0-2.3.1 and 2.6.0-2.6.4 - SQL Injection via RESTful API Input
Feb 24, 2020
CVSS 8.8
EPSS 0.03
CVE-2020-1942
HIGH
Apache NiFi 0.0.1-1.11.0 - Sensitive Information Disclosure in Flow Fingerprint Logs
Feb 11, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-5529
HIGH
HtmlUnit < 2.37.0 - Remote Code Execution via Improper Rhino Engine Initialization
Feb 11, 2020
CVSS 8.1
EPSS 0.05
CVE-2020-1931
HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Configuration Files
Jan 30, 2020
CVSS 8.1
EPSS 0.06
CVE-2020-1930
HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Rule Configuration Files
Jan 30, 2020
CVSS 8.1
EPSS 0.07
CVE-2020-1940
HIGH
Apache Jackrabbit Oak 1.2.0-1.22.0 - Sensitive Information Disclosure via Password Change Feature
Jan 28, 2020
CVSS 7.5
EPSS 0.05
CVE-2020-1933
MEDIUM
Apache NiFi 1.0.0-1.10.0 - Cross-Site Scripting via Firefox UI Injection
Jan 28, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-1932
MEDIUM
Apache Superset 0.34.0-0.35.1 - Authenticated Information Disclosure via Undocumented API Endpoint
Jan 28, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-1928
MEDIUM
Apache NiFi 1.10.0 - Sensitive Information Disclosure in Parameter Parser
Jan 28, 2020
CVSS 5.3
EPSS 0.04
CVE-2020-1929
HIGH
Apache Beam 2.10.0-2.16.0 - Improper Certificate Validation in MongoDB Connector
Jan 15, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-1925
HIGH
Apache Olingo 4.0.0-4.7.0 - Server-Side Request Forgery via Location Header
Jan 09, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-5499
CRITICAL
Baidu Rust SGX SDK <1.0.8 - Use After Free
Jan 04, 2020
CVSS 9.8
EPSS 0.03
CVE-2019-10095
CRITICAL
Apache Zeppelin <0.9.0 - Command Injection
Sep 02, 2021
CVSS 9.8
EPSS 0.06
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters