apache
3,096 tracked vulnerabilities.
CVE-2016-15057
CRITICAL
Apache Continuum - Command Injection
Jan 26, 2026
CVSS 9.9
EPSS 0.04
CVE-2016-1000104
HIGH
mod_fcgid <2016-07-07 - Auth Bypass
Dec 03, 2019
CVSS 8.8
EPSS 0.02
CVE-2016-4975
MEDIUM
NUCLEI
Apache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
Aug 14, 2018
CVSS 6.1
EPSS 0.20
CVE-2016-8612
MEDIUM
Apache HTTP Server mod_cluster <httpd 2.4.23 - Memory Corruption
Mar 09, 2018
CVSS 4.3
EPSS 0.05
CVE-2016-8750
MEDIUM
Apache Karaf < 4.0.8 - Denial of Service via LDAP Injection
Feb 19, 2018
CVSS 6.5
EPSS 0.05
CVE-2016-8742
HIGH
Apache CouchDB <2.0.0 - Privilege Escalation
Feb 12, 2018
CVSS 7.8
EPSS 0.02
CVE-2016-5397
HIGH
Apache Thrift < 0.10.0 - Command Injection via Code Generation
Feb 12, 2018
CVSS 8.8
EPSS 0.07
CVE-2016-6813
CRITICAL
Apache CloudStack 4.1-4.8.1.0,4.9.0.0 - Privilege Escalation
Feb 06, 2018
CVSS 9.8
EPSS 0.06
CVE-2016-6814
CRITICAL
Apache Groovy 1.7.0-2.4.7 - Remote Code Execution via Untrusted Data Deserialization
Jan 18, 2018
CVSS 9.8
EPSS 0.17
CVE-2016-6810
MEDIUM
Apache ActiveMQ 5.0.0-5.14.1 - Stored Cross-Site Scripting in Web Administration Console
Jan 10, 2018
CVSS 6.1
EPSS 0.06
CVE-2016-6804
HIGH
Apache OpenOffice < 4.1.3 - DLL Hijacking via Installer
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2016-6803
HIGH
Apache OpenOffice < 4.1.3 - Untrusted Search Path
Nov 13, 2017
CVSS 7.8
EPSS 0.02
CVE-2016-3090
HIGH
Apache Struts 2.x < 2.3.20 - Remote Code Execution via OGNL Expression Injection
Oct 30, 2017
CVSS 8.8
EPSS 0.06
CVE-2016-5003
CRITICAL
Apache ws-xmlrpc 3.1.3 - Remote Code Execution via Deserialization in Serializable Element
Oct 27, 2017
CVSS 9.8
EPSS 0.15
CVE-2016-5002
HIGH
Apache XML-RPC 3.1.3 - XML External Entity Injection via Crafted DTD
Oct 27, 2017
CVSS 7.8
EPSS 0.08
CVE-2016-8748
MEDIUM
Apache NiFi < 1.0.1 and 1.1.x < 1.1.1 - Cross-Site Scripting in Connection Details Dialog
Oct 19, 2017
CVSS 5.4
EPSS 0.02
CVE-2016-4461
HIGH
Apache Struts 2.0.0-2.3.28 - Remote Code Execution via Forced Double OGNL Evaluation
Oct 16, 2017
CVSS 8.8
EPSS 0.08
CVE-2016-8734
MEDIUM
Apache Subversion <1.8.16, <1.9.4 - DoS
Oct 16, 2017
CVSS 6.5
EPSS 0.06
CVE-2016-6815
MEDIUM
Apache Ranger < 0.6.2 - Unauthorized Password Change for Admin Users
Oct 13, 2017
CVSS 6.5
EPSS 0.02
CVE-2016-8736
CRITICAL
Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization
Oct 12, 2017
CVSS 9.8
EPSS 0.05
CVE-2016-6806
HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
Oct 03, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-4434
HIGH
Apache Tika < 1.13 - XML External Entity Injection via OOXML Spreadsheets and XMP Metadata
Sep 30, 2017
CVSS 7.8
EPSS 0.03
CVE-2016-8738
MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
Sep 20, 2017
CVSS 5.9
EPSS 0.03
CVE-2016-6795
CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
Sep 20, 2017
CVSS 9.8
EPSS 0.08
CVE-2016-8744
HIGH
Apache Brooklyn <0.10.0 - Code Injection
Sep 13, 2017
CVSS 8.8
EPSS 0.04
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters