apache

2,905 tracked vulnerabilities.

CVE-2017-5650 HIGH
Apache Tomcat 8.5.0-8.5.12 and 9.0.0.M1-9.0.0.M18 - Denial of Service via HTTP/2 GOAWAY Frame Handling
Apr 17, 2017
CVSS 7.5
EPSS 0.13
CVE-2017-5648 CRITICAL
Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor
Apr 17, 2017
CVSS 9.1
EPSS 0.22
CVE-2017-5647 HIGH
Apache Tomcat < 9.0.0.M19 - Information Disclosure
Apr 17, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-5649 HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
Apr 04, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-5642 CRITICAL
Apache Ambari 2.4.0-2.4.2 - Incorrect Default Permissions
Apr 03, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-5644 MEDIUM
Apache POI < 3.15 - Denial of Service via XML Entity Expansion
Mar 24, 2017
CVSS 5.5
EPSS 0.01
CVE-2017-5643 HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
Mar 16, 2017
CVSS 7.4
EPSS 0.01
CVE-2017-5638 CRITICAL KEVNUCLEI
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
Mar 11, 2017
CVSS 9.8
EPSS 0.94
CVE-2017-3159 CRITICAL
Apache Camel < 2.14.4 - Deserialization of Untrusted Data via SnakeYAML
Mar 07, 2017
CVSS 9.8
EPSS 0.03
CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
Jan 26, 2026
CVSS 9.9
EPSS 0.29
CVE-2016-1000104 HIGH
mod_fcgid <2016-07-07 - Auth Bypass
Dec 03, 2019
CVSS 8.8
EPSS 0.00
CVE-2016-4975 MEDIUM NUCLEI
Apache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
Aug 14, 2018
CVSS 6.1
EPSS 0.73
CVE-2016-8612 MEDIUM
Apache HTTP Server mod_cluster <httpd 2.4.23 - Memory Corruption
Mar 09, 2018
CVSS 4.3
EPSS 0.01
CVE-2016-8750 MEDIUM
Apache Karaf < 4.0.8 - Denial of Service via LDAP Injection
Feb 19, 2018
CVSS 6.5
EPSS 0.02
CVE-2016-8742 HIGH
Apache CouchDB <2.0.0 - Privilege Escalation
Feb 12, 2018
CVSS 7.8
EPSS 0.00
CVE-2016-5397 HIGH
Apache Thrift < 0.10.0 - Command Injection via Code Generation
Feb 12, 2018
CVSS 8.8
EPSS 0.23
CVE-2016-6813 CRITICAL
Apache CloudStack 4.1-4.8.1.0,4.9.0.0 - Privilege Escalation
Feb 06, 2018
CVSS 9.8
EPSS 0.02
CVE-2016-6814 CRITICAL
Apache Groovy 1.7.0-2.4.7 - Remote Code Execution via Untrusted Data Deserialization
Jan 18, 2018
CVSS 9.8
EPSS 0.24
CVE-2016-6810 MEDIUM
Apache ActiveMQ 5.0.0-5.14.1 - Stored Cross-Site Scripting in Web Administration Console
Jan 10, 2018
CVSS 6.1
EPSS 0.03
CVE-2016-6804 HIGH
Apache OpenOffice < 4.1.3 - DLL Hijacking via Installer
Nov 20, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-6803 HIGH
Apache OpenOffice < 4.1.3 - Untrusted Search Path
Nov 13, 2017
CVSS 7.8
EPSS 0.00
CVE-2016-3090 HIGH
Apache Struts 2.x < 2.3.20 - Remote Code Execution via OGNL Expression Injection
Oct 30, 2017
CVSS 8.8
EPSS 0.02
CVE-2016-5003 CRITICAL
Apache ws-xmlrpc 3.1.3 - Remote Code Execution via Deserialization in Serializable Element
Oct 27, 2017
CVSS 9.8
EPSS 0.42
CVE-2016-5002 HIGH
Apache XML-RPC 3.1.3 - XML External Entity Injection via Crafted DTD
Oct 27, 2017
CVSS 7.8
EPSS 0.04
CVE-2016-8748 MEDIUM
Apache NiFi < 1.0.1 and 1.1.x < 1.1.1 - Cross-Site Scripting in Connection Details Dialog
Oct 19, 2017
CVSS 5.4
EPSS 0.00
Products
http_server 317 tomcat 254 airflow 120 struts 90 traffic_server 82 ofbiz 74 superset 68 openoffice 60 activemq 57 subversion 47 cxf 46 nifi 46 solr 46 cloudstack 45 camel 40 hadoop 37 inlong 32 openmeetings 28 dolphinscheduler 27 ambari 26 tika 25 jspwiki 24 geode 23 spark 22 wicket 22 zeppelin 22 kylin 21 ranger 21 archiva 20 couchdb 20
Quick Filters
Critical CVEs With Exploits In CISA KEV