apache
3,096 tracked vulnerabilities.
CVE-2019-0202
HIGH
Apache Storm 0.9.1-incubating-1.2.2 - Unauthenticated Sensitive Information Exposure via Logviewer Endpoint
Jul 26, 2019
CVSS 7.5
EPSS 0.02
CVE-2019-0234
MEDIUM
Apache Roller - Reflected Cross-Site Scripting in Math Comment Authenticator
Jul 15, 2019
CVSS 6.1
EPSS 0.03
CVE-2019-10072
HIGH
Apache Tomcat <9.0.19, <8.5.40 - DoS
Jun 21, 2019
CVSS 7.5
EPSS 0.73
CVE-2019-10085
MEDIUM
Apache Allura < 1.11.0 - Stored Cross-Site Scripting in User Dropdown Selector
Jun 19, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-0197
MEDIUM
Apache HTTP Server 2.4.34-2.4.38 - Denial of Service via HTTP/2 Upgrade Request
Jun 11, 2019
CVSS 4.2
EPSS 0.08
CVE-2019-0196
MEDIUM
Apache HTTP Server 2.4.17-2.4.38 - Use-After-Free in HTTP/2 Request Handling
Jun 11, 2019
CVSS 5.3
EPSS 0.19
CVE-2019-0220
MEDIUM
Apache HTTP Server <2.4.39 - Path Traversal
Jun 11, 2019
CVSS 5.3
EPSS 0.18
CVE-2019-0221
MEDIUM
NUCLEI
Apache Tomcat 7.0.0-7.0.93 and 8.5.0-8.5.39 and 9.0.0.M1-9.0.0.17 - Cross-Site Scripting via SSI printenv Command
May 28, 2019
CVSS 6.1
EPSS 0.46
CVE-2019-0188
HIGH
Apache Camel < 2.24.0 - XML External Entity Injection in camel-xmljson Component
May 28, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-0201
MEDIUM
Apache ZooKeeper 1.0.0-3.4.13 and 3.5.0-alpha-3.5.4-beta - Unauthenticated Information Disclosure via getACL() Command
May 23, 2019
CVSS 5.9
EPSS 0.10
CVE-2019-10078
MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via Plugin Link Invocation
May 20, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-10077
MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via InterWiki Link
May 20, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-10076
MEDIUM
Apache JSPWiki 2.9.0-2.11.0.M3 - Stored Cross-Site Scripting via Malicious Attachment
May 20, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-0226
MEDIUM
Apache Karaf < 4.2.5 - Path Traversal and Arbitrary File Write via Config Service Install Method
May 09, 2019
CVSS 4.9
EPSS 0.02
CVE-2019-0227
HIGH
Apache Axis 1.4 - Server-Side Request Forgery
May 01, 2019
CVSS 7.5
EPSS 0.87
CVE-2019-0214
MEDIUM
Apache Archiva <2.2.3 - Path Traversal
Apr 30, 2019
CVSS 6.5
EPSS 0.05
CVE-2019-0213
MEDIUM
Apache Archiva < 2.2.4 - Stored Cross-Site Scripting via Logo URL Configuration
Apr 30, 2019
CVSS 6.5
EPSS 0.05
CVE-2019-0194
HIGH
Apache Camel 2.0.0-2.19.0 and 2.21.0-2.21.4 - Path Traversal
Apr 30, 2019
CVSS 7.5
EPSS 0.08
CVE-2019-0186
MEDIUM
Apache Pluto Chat Room Demo 3.0.0-3.0.1 - Cross-Site Scripting
Apr 26, 2019
CVSS 6.1
EPSS 0.21
CVE-2019-2684
MEDIUM
Oracle JDK and JRE - Unauthenticated Data Manipulation via RMI
Apr 23, 2019
CVSS 5.9
EPSS 0.38
CVE-2019-0223
HIGH
Apache Qpid 0.9-0.27.0 - Unauthenticated TLS Peer Certificate Verification Bypass
Apr 23, 2019
CVSS 7.4
EPSS 0.06
CVE-2019-0218
MEDIUM
Apache Pony Mail 0.8-0.9 - Reflected Cross-Site Scripting via Crafted URL
Apr 22, 2019
CVSS 6.1
EPSS 0.05
CVE-2019-10241
MEDIUM
Eclipse Jetty <= 9.2.26, <= 9.3.25, <= 9.4.15 - Cross-Site Scripting via Directory Listing
Apr 22, 2019
CVSS 6.1
EPSS 0.10
CVE-2019-0228
CRITICAL
Apache PDFBox 2.0.14 - XML External Entity Injection via XFDF
Apr 17, 2019
CVSS 9.8
EPSS 0.09
CVE-2019-0232
HIGH
NUCLEI
Apache Tomcat 7.0.0-7.0.93, 8.5.0-8.5.39, 9.0.0.M1-9.0.17 - Remote Code Execution via CGI Servlet
Apr 15, 2019
CVSS 8.1
EPSS 1.00
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters