apache
3,096 tracked vulnerabilities.
CVE-2016-4438
CRITICAL
Apache Struts 2.3.19-2.3.28.1 - Remote Code Execution via REST Plugin
Jul 04, 2016
CVSS 9.8
EPSS 0.17
CVE-2016-4433
HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
Jul 04, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-4431
HIGH
Apache Struts 2 <2.3.29 - Auth Bypass
Jul 04, 2016
CVSS 7.5
EPSS 0.10
CVE-2016-4430
HIGH
Apache Struts 2.3.20-2.3.28.1 - Cross-Site Request Forgery
Jul 04, 2016
CVSS 8.8
EPSS 0.04
CVE-2016-3092
HIGH
Apache Tomcat 7.x < 7.0.70, 8.x < 8.0.36, 8.5.x < 8.5.3, 9.x < 9.0.0.M7 - Denial of Service via Long Boundary String
Jul 04, 2016
CVSS 7.5
EPSS 0.36
CVE-2016-1182
HIGH
Apache Struts 1.x-1.3.10 - Cross-Site Scripting or Denial of Service via Validator Configuration
Jul 04, 2016
CVSS 8.2
EPSS 0.26
CVE-2016-1181
HIGH
Apache Struts 1 <1.3.10 - RCE
Jul 04, 2016
CVSS 8.1
EPSS 0.13
CVE-2016-2174
HIGH
Apache Ranger < 0.5.3 - Authenticated SQL Injection via eventTime Parameter
Jun 13, 2016
CVSS 7.2
EPSS 0.02
CVE-2016-3085
MEDIUM
Apache CloudStack < 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 - SAML Authentication Bypass
Jun 10, 2016
CVSS 6.5
EPSS 0.03
CVE-2016-3093
MEDIUM
Apache Struts 2.0.0-2.3.24.1 - Denial of Service via OGNL Method Reference Caching
Jun 07, 2016
CVSS 5.3
EPSS 0.09
CVE-2016-3087
CRITICAL
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
Jun 07, 2016
CVSS 9.8
EPSS 0.81
CVE-2016-4437
CRITICAL
KEVNUCLEI
Apache Shiro < 1.2.5 - Remote Code Execution via Remember Me Feature
Jun 07, 2016
CVSS 9.8
EPSS 0.93
CVE-2016-4432
CRITICAL
Apache Qpid Java <6.0.3 - Auth Bypass
Jun 01, 2016
CVSS 9.1
EPSS 0.08
CVE-2016-3094
MEDIUM
Apache Qpid Broker-J < 6.0.2 and qpid-broker < 6.0.3 - Denial of Service via Crafted Authentication Attempt
Jun 01, 2016
CVSS 5.9
EPSS 0.08
CVE-2016-3088
CRITICAL
KEVNUCLEI
ActiveMQ web shell upload
Jun 01, 2016
CVSS 9.8
EPSS 0.99
CVE-2016-2175
HIGH
Apache PDFBox < 1.8.12 and 2.x < 2.0.1 - XML External Entity Injection
Jun 01, 2016
CVSS 7.8
EPSS 0.05
CVE-2016-0731
MEDIUM
Apache Ambari <2.2.1 - Info Disclosure
May 18, 2016
CVSS 4.9
EPSS 0.03
CVE-2016-0707
LOW
Apache Ambari <2.1.2 - Info Disclosure
May 18, 2016
CVSS 3.3
EPSS 0.00
CVE-2016-2099
CRITICAL
Apache Xerces C++ < 3.1.3 - Use-After-Free in DTDScanner
May 13, 2016
CVSS 9.8
EPSS 0.07
CVE-2016-2168
MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Authenticated Denial of Service via Crafted MOVE or COPY Request
May 05, 2016
CVSS 6.5
EPSS 0.20
CVE-2016-2167
MEDIUM
Apache Subversion < 1.8.16 and 1.9.x < 1.9.4 - Unauthenticated Authentication Bypass via Realm String Prefix
May 05, 2016
CVSS 6.8
EPSS 0.07
CVE-2016-3082
CRITICAL
Apache Struts 2.x Remote Code Execution via XSLTResult Stylesheet Location
Apr 26, 2016
CVSS 9.8
EPSS 0.20
CVE-2016-3081
HIGH
NUCLEI
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution via Dynamic Method Invocation
Apr 26, 2016
CVSS 8.1
EPSS 0.94
CVE-2016-3427
CRITICAL
KEV
Oracle JDK and JRE - Remote Code Execution via JMX
Apr 21, 2016
CVSS 9.8
EPSS 0.92
CVE-2016-4003
MEDIUM
Apache Struts 2.0.0-2.3.27 - Cross-Site Scripting via URLDecoder Multi-Byte Character Handling
Apr 12, 2016
CVSS 6.1
EPSS 0.12
Products
http_server 330
tomcat 263
airflow 143
struts 90
traffic_server 82
ofbiz 76
camel 75
activemq 72
superset 68
openoffice 60
cxf 57
nifi 50
solr 47
subversion 47
cloudstack 45
hadoop 37
dolphinscheduler 32
inlong 32
openmeetings 29
ambari 26
apisix 25
tika 25
jspwiki 24
kylin 24
shiro 24
fineract 23
geode 23
spark 22
wicket 22
zeppelin 22
Quick Filters