apache

3,096 tracked vulnerabilities.

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
Jan 26, 2026
CVSS 9.9
EPSS 0.04
CVE-2016-1000104 HIGH
mod_fcgid <2016-07-07 - Auth Bypass
Dec 03, 2019
CVSS 8.8
EPSS 0.02
CVE-2016-4975 MEDIUM NUCLEI
Apache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
Aug 14, 2018
CVSS 6.1
EPSS 0.20
CVE-2016-8612 MEDIUM
Apache HTTP Server mod_cluster <httpd 2.4.23 - Memory Corruption
Mar 09, 2018
CVSS 4.3
EPSS 0.05
CVE-2016-8750 MEDIUM
Apache Karaf < 4.0.8 - Denial of Service via LDAP Injection
Feb 19, 2018
CVSS 6.5
EPSS 0.05
CVE-2016-8742 HIGH
Apache CouchDB <2.0.0 - Privilege Escalation
Feb 12, 2018
CVSS 7.8
EPSS 0.02
CVE-2016-5397 HIGH
Apache Thrift < 0.10.0 - Command Injection via Code Generation
Feb 12, 2018
CVSS 8.8
EPSS 0.07
CVE-2016-6813 CRITICAL
Apache CloudStack 4.1-4.8.1.0,4.9.0.0 - Privilege Escalation
Feb 06, 2018
CVSS 9.8
EPSS 0.06
CVE-2016-6814 CRITICAL
Apache Groovy 1.7.0-2.4.7 - Remote Code Execution via Untrusted Data Deserialization
Jan 18, 2018
CVSS 9.8
EPSS 0.17
CVE-2016-6810 MEDIUM
Apache ActiveMQ 5.0.0-5.14.1 - Stored Cross-Site Scripting in Web Administration Console
Jan 10, 2018
CVSS 6.1
EPSS 0.06
CVE-2016-6804 HIGH
Apache OpenOffice < 4.1.3 - DLL Hijacking via Installer
Nov 20, 2017
CVSS 7.8
EPSS 0.03
CVE-2016-6803 HIGH
Apache OpenOffice < 4.1.3 - Untrusted Search Path
Nov 13, 2017
CVSS 7.8
EPSS 0.02
CVE-2016-3090 HIGH
Apache Struts 2.x < 2.3.20 - Remote Code Execution via OGNL Expression Injection
Oct 30, 2017
CVSS 8.8
EPSS 0.06
CVE-2016-5003 CRITICAL
Apache ws-xmlrpc 3.1.3 - Remote Code Execution via Deserialization in Serializable Element
Oct 27, 2017
CVSS 9.8
EPSS 0.15
CVE-2016-5002 HIGH
Apache XML-RPC 3.1.3 - XML External Entity Injection via Crafted DTD
Oct 27, 2017
CVSS 7.8
EPSS 0.08
CVE-2016-8748 MEDIUM
Apache NiFi < 1.0.1 and 1.1.x < 1.1.1 - Cross-Site Scripting in Connection Details Dialog
Oct 19, 2017
CVSS 5.4
EPSS 0.02
CVE-2016-4461 HIGH
Apache Struts 2.0.0-2.3.28 - Remote Code Execution via Forced Double OGNL Evaluation
Oct 16, 2017
CVSS 8.8
EPSS 0.08
CVE-2016-8734 MEDIUM
Apache Subversion <1.8.16, <1.9.4 - DoS
Oct 16, 2017
CVSS 6.5
EPSS 0.06
CVE-2016-6815 MEDIUM
Apache Ranger < 0.6.2 - Unauthorized Password Change for Admin Users
Oct 13, 2017
CVSS 6.5
EPSS 0.02
CVE-2016-8736 CRITICAL
Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization
Oct 12, 2017
CVSS 9.8
EPSS 0.05
CVE-2016-6806 HIGH
Apache Wicket 6.x < 6.25.0, 7.x < 7.5.0, 8.0.0-M1 - Cross-Site Request Forgery
Oct 03, 2017
CVSS 8.8
EPSS 0.01
CVE-2016-4434 HIGH
Apache Tika < 1.13 - XML External Entity Injection via OOXML Spreadsheets and XMP Metadata
Sep 30, 2017
CVSS 7.8
EPSS 0.03
CVE-2016-8738 MEDIUM
Apache Struts 2.5-2.5.5 - Denial of Service via URLValidator
Sep 20, 2017
CVSS 5.9
EPSS 0.03
CVE-2016-6795 CRITICAL
Apache Struts 2.3.x < 2.3.31 and 2.5.x < 2.5.5 - Remote Code Execution via Path Traversal
Sep 20, 2017
CVSS 9.8
EPSS 0.08
CVE-2016-8744 HIGH
Apache Brooklyn <0.10.0 - Code Injection
Sep 13, 2017
CVSS 8.8
EPSS 0.04